CVE-2021-3348: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-3348 is a use-after-free vulnerability discovered in the network block device (nbd) driver of the Linux kernel through version 5.10.12. The vulnerability was discovered by ADLab of venustech and reported on January 25, 2021. The issue exists in the nbdaddsocket function within drivers/block/nbd.c, where a race condition during device setup could allow local attackers with access to the nbd device to trigger a use-after-free condition (Kernel Commit, Ubuntu Security).

The vulnerability stems from a race condition in the nbd ioctl operations. When NBDSETSIZEBLOCKS ioctl calls nbdsizeset() to change the block size, and NBDSETSOCK ioctl calls nbdaddsocket() which invokes krealloc() to update a block, a race condition occurs. The nbdqueuerq() function, which runs concurrently, calls nbdhandle_cmd() and accesses config->socks without proper locking mechanisms, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.0 (High) (NVD, OSS Security).

The vulnerability could allow local attackers with access to the nbd device to cause a denial of service (system crash or memory corruption) or potentially execute arbitrary code. The impact is particularly severe in systems where users have access to nbd devices (Ubuntu Security, Debian LTS).

The issue was patched in the Linux kernel by adding queue freezing mechanisms during socket addition. The fix involves freezing the queue while adding connections to prevent errant requests during the reallocation of the socks array. The patch was committed with ID b98e762e3d71 and has been backported to various distribution kernels. Users should update their systems to patched versions (Kernel Commit).