Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentLinuxVULNRICHMENT:CVE-2021-47452
HistoryMay 22, 2024 - 6:19 a.m.

CVE-2021-47452 netfilter: nf_tables: skip netdev events generated on netns removal

2024-05-2206:19:42
Linux
github.com
linux kernel
netfilter
nf_tables
vulnerability
resolution
syzbot
warnings
netdev events
netns removal
unshare
bash
bridge
ingress filter
policy drop
notifier
hook removal

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: skip netdev events generated on netns removal

syzbot reported following (harmless) WARN:

WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468
nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]
nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]
__nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524
nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]
nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382

reproducer:
unshare -n bash -c ‘ip link add br0 type bridge; nft add table netdev t ;
nft add chain netdev t ingress { type filter hook ingress device “br0”
priority 0; policy drop; }’

Problem is that when netns device exit hooks create the UNREGISTER
event, the .pre_exit hook for nf_tables core has already removed the
base hook. Notifier attempts to do this again.

The need to do base hook unregister unconditionally was needed in the past,
because notifier was last stage where reg->dev dereference was safe.

Now that nf_tables does the hook removal in .pre_exit, this isn’t
needed anymore.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nft_chain_filter.c"
    ],
    "versions": [
      {
        "version": "767d1216bff8",
        "lessThan": "90c7c58aa2bd",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "767d1216bff8",
        "lessThan": "68a3765c659f",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "net/netfilter/nft_chain_filter.c"
    ],
    "versions": [
      {
        "version": "5.11",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "5.11",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.14.15",
        "lessThanOrEqual": "5.14.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]

Related

cvelist 1
cve 1
debiancve 1
ubuntucve 1
redhatcve 1
nvd 1
nessus 2
cvelist
cvelist
CVE-2021-47452 netfilter: nf_tables: skip netdev events generated on netns removal
2024-05-22 06:19:42
cve
cve
CVE-2021-47452
2024-05-22 07:15:10
debiancve
debiancve
CVE-2021-47452
2024-05-22 07:15:10
ubuntucve
ubuntucve
CVE-2021-47452
2024-05-22 00:00:00
redhatcve
redhatcve
CVE-2021-47452
2024-05-23 11:05:34
nvd
nvd
CVE-2021-47452
2024-05-22 07:15:10
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2008-1)
2024-06-13 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2019-1)
2024-06-14 00:00:00

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON
Related for VULNRICHMENT:CVE-2021-47452
cvelist1cve1debiancve1ubuntucve1redhatcve1nvd1nessus2