Bug 1993988 (CVE-2021-3715)
Summary: | CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, asavkov, bhu, blc, brdeoliv, bskeggs, chwhite, crwood, ctoe, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, ivecera, jarod, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, michal.skrivanek, mlangsdo, mleitner, mperina, mvanderw, nmurray, nobody, ptalbert, qzhao, rhandlin, rik.theys, rkeshri, rvrbovsk, sbonazzo, security-response-team, sgrubb, steved, walters, williams, ycote |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Kernel 5.10 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-09-07 20:33:34 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1824071, 1992926, 1994012, 1994013, 1994014, 1994015, 1994016, 1994018, 1994019, 1994020, 1994463, 1996610, 1996611, 1997195, 1997756, 2114849, 2122585, 2132973 | ||
Bug Blocks: | 1993312, 2002252 |
Description
Petr Matousek
2021-08-16 13:49:46 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3442 https://access.redhat.com/errata/RHSA-2021:3442 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3439 https://access.redhat.com/errata/RHSA-2021:3439 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3443 https://access.redhat.com/errata/RHSA-2021:3443 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3445 https://access.redhat.com/errata/RHSA-2021:3445 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:3444 https://access.redhat.com/errata/RHSA-2021:3444 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3441 https://access.redhat.com/errata/RHSA-2021:3441 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2021:3438 https://access.redhat.com/errata/RHSA-2021:3438 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:3446 https://access.redhat.com/errata/RHSA-2021:3446 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3715 This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477 This issue has been addressed in the following products: Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions Via RHSA-2022:7173 https://access.redhat.com/errata/RHSA-2022:7173 |