ghsa-4jvh-cf85-8374
Vulnerability from github
Published
2024-03-15 21:30
Modified
2024-03-15 21:30
Details

In the Linux kernel, the following vulnerability has been resolved:

neighbour: allow NUD_NOARP entries to be forced GCed

IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that.

This behaviour is more prevalent after commit 58956317c8de ("neighbor: Improve garbage collection") is applied, as it prevents removal from entries that are not NUD_FAILED, unless they are more than 5s old.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2021-47109"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-15T21:15:06Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It\u0027s possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old.",
  "id": "GHSA-4jvh-cf85-8374",
  "modified": "2024-03-15T21:30:43Z",
  "published": "2024-03-15T21:30:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47109"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.