Bug 2014623 (CVE-2021-3892)
Summary: | CVE-2021-3892 kernel: memory leak in fib6_rule_suppress could result in DoS | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED DUPLICATE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, allarkin, bdettelb, bhu, brdeoliv, bskeggs, carnil, chwhite, crwood, darunesh, dhoward, dvlasenk, eshatokhin, fhrbata, fpacheco, haliu, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, security-response-team, steved, vkumar, walters, williams |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Kernel 5.4 | Doc Type: | If docs needed, set a value |
Doc Text: |
A memory leak flaw was reported in firewalld when IPv6_rpfilter is enabled and a suppress_prefix rule is present in the IPv6 routing rules. In such scenarios, every incoming packet will leak an allocation in ip6_dst_cache slab cache.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-12-06 07:52:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2014648, 2014649, 2014650 | ||
Bug Blocks: | 2008467 |
Description
Michael Kaplan
2021-10-15 16:14:46 UTC
Hi Can you provide more information on it? Is this an issue known upstrem? OTOH I found in SuSE Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this relates to upstream commit https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 . If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198? Regards, Salvatore Setting correct needinfo In reply to comment #10: > Hi > > Can you provide more information on it? Is this an issue known upstrem? > > OTOH I found in SuSE Bugzilla: > https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this > relates to upstream commit > https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 . > > If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198? Hello, Yes, you are right. We have made CVE-2021-3892 a duplicate, thank you. This flaw is fixed in the upstream Kernel 5.4 with https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26 *** This bug has been marked as a duplicate of bug 1771486 *** Thank you, will you officially mark the CVE-2021-3892 as REJECTED as CNA so that this would not cause potential confusion? Hello Carnil, yes we will complete the cve rejection. |