The kernel leaks memory when firewalld IPv6_rpfilter is enabled and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as wg-quick). In such scenarios, every incoming packet will leak an allocation in ip6_dst_cache slab cache.
Can you provide more information on it? Is this an issue known upstrem?
OTOH I found in SuSE Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this relates to upstream commit https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 .
If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198?
Setting correct needinfo
In reply to comment #10:
> Can you provide more information on it? Is this an issue known upstrem?
> OTOH I found in SuSE Bugzilla:
> https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this
> relates to upstream commit
> https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 .
> If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198?
Yes, you are right. We have made CVE-2021-3892 a duplicate, thank you.
This flaw is fixed in the upstream Kernel 5.4 with
*** This bug has been marked as a duplicate of bug 1771486 ***
Thank you, will you officially mark the CVE-2021-3892 as REJECTED as CNA so that this would not cause potential confusion?
Hello Carnil, yes we will complete the cve rejection.