Bug 1976946 (CVE-2021-3635) - CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
Summary: CVE-2021-3635 kernel: flowtable list del corruption with kernel BUG at lib/li...
Keywords:
Status: NEW
Alias: CVE-2021-3635
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1977137 1977138 1990729
Blocks: 1974858 1978820
TreeView+ depends on / blocked
 
Reported: 2021-06-28 15:49 UTC by Pedro Sampaio
Modified: 2021-09-16 12:51 UTC (History)
50 users (show)

Fixed In Version: kernel 5.5-rc7
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel netfilter implementation. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Pedro Sampaio 2021-06-28 15:49:51 UTC
A flaw was found in the Linux kernels netfilter implementation. A missing generation check during DELTABLE processing causes it to queue the DELFLOWTABLE operation a second time possibly leading to data corruption and denial of service.  An attacker must have either root or CAP_SYS_ADMIN capabilities to exploit this flaw.

References:

https://bugzilla.redhat.com/show_bug.cgi?id=1974543

Comment 2 Wade Mealing 2021-06-29 04:07:16 UTC
This is rated as a Low, as you must be root or cap_sys_admin with a local account to be able to create the exploitable condition.

Comment 8 Wade Mealing 2021-08-06 05:10:29 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1990729]

Comment 9 Gianluca Gabrielli 2021-08-27 12:41:40 UTC
Hi folks,

could you please open 1974543 to the public? I cannot find details about this bug anywhere.

Thanks

Comment 10 Salvatore Bonaccorso 2021-09-12 19:03:25 UTC
Hi Gianluca,

(In reply to Gianluca Gabrielli from comment #9)
> Hi folks,
> 
> could you please open 1974543 to the public? I cannot find details about
> this bug anywhere.
> 
> Thanks

External to Red Hat here, but was searching as well for some information about this CVE. I suspect this is about the upstream commit https://git.kernel.org/linus/335178d5429c4cee61b58f4ac80688f556630818


Regards,
Salvatore

Comment 11 Wade Mealing 2021-09-13 02:48:44 UTC
The BZ #1974543 is an internal tracking bug, and contains no information relevant to this flaw.

Comment 13 Gianluca Gabrielli 2021-09-16 12:51:29 UTC
(In reply to Salvatore Bonaccorso from comment #10)
> Hi Gianluca,
> 
> (In reply to Gianluca Gabrielli from comment #9)
> > Hi folks,
> > 
> > could you please open 1974543 to the public? I cannot find details about
> > this bug anywhere.
> > 
> > Thanks
> 
> External to Red Hat here, but was searching as well for some information
> about this CVE. I suspect this is about the upstream commit
> https://git.kernel.org/linus/335178d5429c4cee61b58f4ac80688f556630818

Yes, it really seems the right one. Nice catch and thanks for having shared it.


Note You need to log in before you can comment on or make changes to this bug.