CVE-2021-47160

Summary

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mt7530: fix VLAN traffic leaks

PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks:

ip link add br0 type bridge vlan_filtering 1
ip link add br1 type bridge vlan_filtering 1
ip link set swp0 master br0
ip link set swp1 master br1
ip link set br0 type bridge vlan_filtering 0
ip link set br1 type bridge vlan_filtering 0
# traffic in br0 and br1 will start leaking to each other

As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux83163f7dca5684816d01c8ccf4857aa74801e7b7 < ae389812733b1b1e8e07fcc238e41db166b5c78daffected
LinuxLinux83163f7dca5684816d01c8ccf4857aa74801e7b7 < 4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488affected
LinuxLinux83163f7dca5684816d01c8ccf4857aa74801e7b7 < b91117b66fe875723a4e79ec6263526fffdb44d2affected
LinuxLinux83163f7dca5684816d01c8ccf4857aa74801e7b7 < 82ae35b6c14feae5f216913d5b433e143c756d4eaffected
LinuxLinux83163f7dca5684816d01c8ccf4857aa74801e7b7 < 474a2ddaa192777522a7499784f1d60691cd831aaffected
LinuxLinux4.16affected
LinuxLinux0 < 4.16unaffected
LinuxLinux4.19.193 <= 4.19.*unaffected
LinuxLinux5.4.124 <= 5.4.*unaffected
LinuxLinux5.10.42 <= 5.10.*unaffected
LinuxLinux5.12.9 <= 5.12.*unaffected
LinuxLinux5.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References