CVE-2021-47291

Summary

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions

While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions").

We additionally need to take care of fib6_metrics initialization failure when the caller provides an nh.

The fix is similar, explicitly free the route instead of calling fib6_info_release on a half-initialized object.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < 830251361425c5be044db4d826aaf304ea3d14c6affected
LinuxLinuxf88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < ce8fafb68051fba52546f8bbe8621f7641683680affected
LinuxLinuxf88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < 115784bcccf135c3a3548098153413d76f16aae0affected
LinuxLinuxf88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 < 8fb4792f091e608a0a1d353dfdf07ef55a719db5affected
LinuxLinux5.3affected
LinuxLinux0 < 5.3unaffected
LinuxLinux5.4.136 <= 5.4.*unaffected
LinuxLinux5.10.54 <= 5.10.*unaffected
LinuxLinux5.13.6 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References