CVE-2021-47293
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_skbmod: Skip non-Ethernet packets
Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices:
$ ip link add dev vcan0 type vcan
$ ip link set up vcan0
$ tc qdisc add dev vcan0 root handle 1: htb
$ tc filter add dev vcan0 parent 1: protocol ip prio 10 \
matchall action skbmod swap mac
Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 86da71b57383d40993cb90baafb3735cffe5d800 < e4fdca366806f6bab374d1a95e626a10a3854b0c | affected |
| Linux | Linux | 86da71b57383d40993cb90baafb3735cffe5d800 < a88414fb1117f2fe65fb88e45ba694e1d09d5024 | affected |
| Linux | Linux | 86da71b57383d40993cb90baafb3735cffe5d800 < 071729150be9e1d1b851b70efb6d91ee9269d57b | affected |
| Linux | Linux | 86da71b57383d40993cb90baafb3735cffe5d800 < 34f1e1f657fae2891b485a3b2b95fe4d2aef9f0d | affected |
| Linux | Linux | 86da71b57383d40993cb90baafb3735cffe5d800 < 727d6a8b7ef3d25080fad228b2c4a1d4da5999c6 | affected |
| Linux | Linux | 4.9 | affected |
| Linux | Linux | 0 < 4.9 | unaffected |
| Linux | Linux | 4.19.199 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.136 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.54 <= 5.10.* | unaffected |
| Linux | Linux | 5.13.6 <= 5.13.* | unaffected |
| Linux | Linux | 5.14 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://git.kernel.org/stable/c/e4fdca366806f6bab374d1a95e626a10a3854b0c
- https://git.kernel.org/stable/c/a88414fb1117f2fe65fb88e45ba694e1d09d5024
- https://git.kernel.org/stable/c/071729150be9e1d1b851b70efb6d91ee9269d57b
- https://git.kernel.org/stable/c/34f1e1f657fae2891b485a3b2b95fe4d2aef9f0d
- https://git.kernel.org/stable/c/727d6a8b7ef3d25080fad228b2c4a1d4da5999c6
References
- https://git.kernel.org/stable/c/e4fdca366806f6bab374d1a95e626a10a3854b0c
- https://git.kernel.org/stable/c/a88414fb1117f2fe65fb88e45ba694e1d09d5024
- https://git.kernel.org/stable/c/071729150be9e1d1b851b70efb6d91ee9269d57b
- https://git.kernel.org/stable/c/34f1e1f657fae2891b485a3b2b95fe4d2aef9f0d
- https://git.kernel.org/stable/c/727d6a8b7ef3d25080fad228b2c4a1d4da5999c6
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.