Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2021-47291
HistoryMay 21, 2024 - 2:35 p.m.

CVE-2021-47291 ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions

2024-05-2114:35:16
Linux
github.com
5
ipv6
vulnerability
fix
linux kernel

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions

While running the self-tests on a KASAN enabled kernel, I observed a
slab-out-of-bounds splat very similar to the one reported in
commit 821bbf79fe46 (“ipv6: Fix KASAN: slab-out-of-bounds Read in
fib6_nh_flush_exceptions”).

We additionally need to take care of fib6_metrics initialization
failure when the caller provides an nh.

The fix is similar, explicitly free the route instead of calling
fib6_info_release on a half-initialized object.

CNA Affected

[
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "f88d8ea67fbd",
        "lessThan": "830251361425",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f88d8ea67fbd",
        "lessThan": "ce8fafb68051",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f88d8ea67fbd",
        "lessThan": "115784bcccf1",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "f88d8ea67fbd",
        "lessThan": "8fb4792f091e",
        "versionType": "git"
      }
    ],
    "programFiles": [
      "net/ipv6/route.c"
    ],
    "defaultStatus": "unaffected"
  },
  {
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "vendor": "Linux",
    "product": "Linux",
    "versions": [
      {
        "status": "affected",
        "version": "5.3"
      },
      {
        "status": "unaffected",
        "version": "0",
        "lessThan": "5.3",
        "versionType": "custom"
      },
      {
        "status": "unaffected",
        "version": "5.4.136",
        "versionType": "custom",
        "lessThanOrEqual": "5.4.*"
      },
      {
        "status": "unaffected",
        "version": "5.10.54",
        "versionType": "custom",
        "lessThanOrEqual": "5.10.*"
      },
      {
        "status": "unaffected",
        "version": "5.13.6",
        "versionType": "custom",
        "lessThanOrEqual": "5.13.*"
      },
      {
        "status": "unaffected",
        "version": "5.14",
        "versionType": "original_commit_for_fix",
        "lessThanOrEqual": "*"
      }
    ],
    "programFiles": [
      "net/ipv6/route.c"
    ],
    "defaultStatus": "affected"
  }
]

Related

ubuntucve 1
osv 1
redhatcve 1
nvd 1
debiancve 1
cve 1
cvelist 1
nessus 2
openvas 1
ubuntucve
ubuntucve
CVE-2021-47291
2024-05-21 00:00:00
osv
osv
CVE-2021-47291
2024-05-21 15:15:00
redhatcve
redhatcve
CVE-2021-47291
2024-05-23 13:31:27
nvd
nvd
CVE-2021-47291
2024-05-21 15:15:17
debiancve
debiancve
CVE-2021-47291
2024-05-21 15:15:17
cve
cve
CVE-2021-47291
2024-05-21 15:15:17
cvelist
cvelist
CVE-2021-47291 ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
2024-05-21 14:35:16
nessus
nessus
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2923-1)
2024-08-16 00:00:00
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2948-1)
2024-08-17 00:00:00
openvas
openvas
openSUSE: Security Advisory for the Linux Kernel (SUSE-SU-2024:2948-1)
2024-08-20 00:00:00

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

no

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2021-47291
ubuntucve1osv1redhatcve1nvd1debiancve1cve1cvelist1nessus2openvas1