CVE-2021-47293

Summary

In the Linux kernel, the following vulnerability has been resolved:

net/sched: act_skbmod: Skip non-Ethernet packets

Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices:

$ ip link add dev vcan0 type vcan
$ ip link set up vcan0
$ tc qdisc add dev vcan0 root handle 1: htb
$ tc filter add dev vcan0 parent 1: protocol ip prio 10 \
	matchall action skbmod swap mac

Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux86da71b57383d40993cb90baafb3735cffe5d800 < e4fdca366806f6bab374d1a95e626a10a3854b0caffected
LinuxLinux86da71b57383d40993cb90baafb3735cffe5d800 < a88414fb1117f2fe65fb88e45ba694e1d09d5024affected
LinuxLinux86da71b57383d40993cb90baafb3735cffe5d800 < 071729150be9e1d1b851b70efb6d91ee9269d57baffected
LinuxLinux86da71b57383d40993cb90baafb3735cffe5d800 < 34f1e1f657fae2891b485a3b2b95fe4d2aef9f0daffected
LinuxLinux86da71b57383d40993cb90baafb3735cffe5d800 < 727d6a8b7ef3d25080fad228b2c4a1d4da5999c6affected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux4.19.199 <= 4.19.*unaffected
LinuxLinux5.4.136 <= 5.4.*unaffected
LinuxLinux5.10.54 <= 5.10.*unaffected
LinuxLinux5.13.6 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References