cve-2021-47109
Vulnerability from cvelistv5
Published
2024-03-15 20:14
Modified
2024-11-04 11:59
Severity ?
Summary
neighbour: allow NUD_NOARP entries to be forced GCed
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc
Impacted products
LinuxLinux
LinuxLinux
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47109",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-19T15:24:45.992487Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:14:40.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.847Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/neighbour.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d99029e6aab6",
              "status": "affected",
              "version": "58956317c8de",
              "versionType": "git"
            },
            {
              "lessThan": "d17d47da59f7",
              "status": "affected",
              "version": "58956317c8de",
              "versionType": "git"
            },
            {
              "lessThan": "ddf088d7aaaa",
              "status": "affected",
              "version": "58956317c8de",
              "versionType": "git"
            },
            {
              "lessThan": "7a6b1ab7475f",
              "status": "affected",
              "version": "58956317c8de",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/neighbour.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.125",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.43",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It\u0027s possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:59:34.892Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"
        },
        {
          "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"
        }
      ],
      "title": "neighbour: allow NUD_NOARP entries to be forced GCed",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47109",
    "datePublished": "2024-03-15T20:14:18.469Z",
    "dateReserved": "2024-03-04T18:12:48.836Z",
    "dateUpdated": "2024-11-04T11:59:34.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-47109\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-03-15T21:15:06.457\",\"lastModified\":\"2024-03-17T22:38:29.433\",\"vulnStatus\":\"Awaiting Analysis\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nneighbour: allow NUD_NOARP entries to be forced GCed\\n\\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It\u0027s possible to\\nfill up the neighbour table with enough entries that it will overflow for\\nvalid connections after that.\\n\\nThis behaviour is more prevalent after commit 58956317c8de (\\\"neighbor:\\nImprove garbage collection\\\") is applied, as it prevents removal from\\nentries that are not NUD_FAILED, unless they are more than 5s old.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vecino: permite forzar las entradas NUD_NOARP. Las interfaces GCed IFF_POINTOPOINT utilizan entradas NUD_NOARP para IPv6. Es posible llenar la tabla de vecinos con suficientes entradas para que despu\u00e9s de eso se desborde de conexiones v\u00e1lidas. Este comportamiento es m\u00e1s frecuente despu\u00e9s de aplicar el commit 58956317c8de (\\\"vecino: mejorar la recolecci\u00f3n de basura\\\"), ya que evita la eliminaci\u00f3n de entradas que no son NUD_FAILED, a menos que tengan m\u00e1s de 5 a\u00f1os de antig\u00fcedad.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.