A flaw was found in the Linux kernels netfilter implementation. A missing generation check during DELTABLE processing causes it to queue the DELFLOWTABLE operation a second time possibly leading to data corruption and denial of service. An attacker must have either root or CAP_SYS_ADMIN capabilities to exploit this flaw. References: https://bugzilla.redhat.com/show_bug.cgi?id=1974543
This is rated as a Low, as you must be root or cap_sys_admin with a local account to be able to create the exploitable condition.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1990729]
Hi folks, could you please open 1974543 to the public? I cannot find details about this bug anywhere. Thanks
Hi Gianluca, (In reply to Gianluca Gabrielli from comment #9) > Hi folks, > > could you please open 1974543 to the public? I cannot find details about > this bug anywhere. > > Thanks External to Red Hat here, but was searching as well for some information about this CVE. I suspect this is about the upstream commit https://git.kernel.org/linus/335178d5429c4cee61b58f4ac80688f556630818 Regards, Salvatore
The BZ #1974543 is an internal tracking bug, and contains no information relevant to this flaw.
(In reply to Salvatore Bonaccorso from comment #10) > Hi Gianluca, > > (In reply to Gianluca Gabrielli from comment #9) > > Hi folks, > > > > could you please open 1974543 to the public? I cannot find details about > > this bug anywhere. > > > > Thanks > > External to Red Hat here, but was searching as well for some information > about this CVE. I suspect this is about the upstream commit > https://git.kernel.org/linus/335178d5429c4cee61b58f4ac80688f556630818 Yes, it really seems the right one. Nice catch and thanks for having shared it.
This was fixed for Fedora with the 5.4.14 stable kernel updates.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3635