A vulnerability was found in net/netfilter/x_tables.c in netfilter in the Linux kernel. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rule replacement. This could be exploited by a local user holding the CAP_NET_ADMIN capability, which an otherwise unprivileged user can obtain inside a user namespace. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c
This flaw is marked moderate as the attacker needs the special privilege of CAP_NET_ADMIN to exploit this use case.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-36694
Hello Rohit, while reviewing the Vulnerability Assessment report of RHEL 8.6 for the purpose of Common Criteria certification, we came across this CVE. This bugzilla does not dispute that this CVE with moderate impact exists. Yet the CVE page https://access.redhat.com/security/cve/CVE-2020-36694 says "Not affected" for all supported RHELs, rather than "Wontfix" or something similar. Could you please check and update the CVE page to reflect the situation with this CVE more accurately? Thank you, Jan
This issue was fixed upstream in kernel version 5.10. The kernel packages as shipped in Red Hat Enterprise Linux 8 were previously updated to a version that contains the fix via the following errata:
kernel in Red Hat Enterprise Linux 8: https://access.redhat.com/errata/RHSA-2021:1578
kernel-rt in Red Hat Enterprise Linux 8: https://access.redhat.com/errata/RHSA-2021:1739
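The following POSIX shell triage helper is an added example written for this page; it is not code from Red Hat, the kernel, or this bug. It turns the two facts stated above into a host check: an upstream-tracking kernel is judged against the 5.10 release that carries the fix, while a RHEL kernel (which stays on a 4.18 base and receives the fix as a backport) is judged against the errata's package NVR. It also reports whether the CAP_NET_ADMIN precondition named in the description is reachable by ordinary users, using the `user.max_user_namespaces` sysctl (a value of 0 prevents creating user namespaces). Assumptions: the fixed RHEL 8 NVR is supplied by the caller from the advisory page (the `4.18.0-305.el8` value in the sample is an assumption to confirm against RHSA-2021:1578), the RPM ordering is simplified to the leading release number, and all version strings in the sample are constructed, not taken from real hosts.

```shell
#!/bin/sh
# Added triage helper for CVE-2020-36694 (written for this page; not Red Hat's or the
# kernel's code). Facts used: upstream fix in 5.10; RHEL 8 got it via errata, so a RHEL
# kernel is judged by package NVR, not by its 4.18 upstream base.

CVE_ID="CVE-2020-36694"
FIXED_UPSTREAM="5.10"

# norm_ver VER: drop the "-extra"/"+" suffix and trailing ".0" components,
# so "5.10.0-rc1" -> "5.10" and "4.18.0-305.el8.x86_64" -> "4.18".
norm_ver() {
    printf '%s' "${1%%[-+]*}" | sed 's/\(\.0\)*$//'
}

# ver_ge A B: succeeds if version A >= B, compared numerically per component.
# A release candidate ("-rc") only counts once its base is strictly newer than B.
ver_ge() {
    a=$(norm_ver "$1"); b=$(norm_ver "$2")
    lowest=$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)
    case "$1" in
        *-rc*) [ "$lowest" = "$b" ] && [ "$a" != "$b" ] ;;
        *)     [ "$lowest" = "$b" ] ;;
    esac
}

# upstream_fixed UNAME_R: vanilla/upstream-tracking kernel at or after 5.10.
upstream_fixed() { ver_ge "$1" "$FIXED_UPSTREAM"; }

# rhel_fixed NVR FIXED_NVR: compare a RHEL kernel NVR (from `uname -r` or
# `rpm -q kernel`) with the errata NVR by version and leading release number, so a
# z-stream build such as 305.3.1.el8_4 counts as >= 305.el8. This is a triage
# simplification; use rpmdev-vercmp when exact RPM ordering matters.
rhel_fixed() {
    v=${1%%-*};  r=${1#*-};  r=${r%%[!0-9]*}
    fv=${2%%-*}; fr=${2#*-}; fr=${fr%%[!0-9]*}
    if [ "$(norm_ver "$v")" = "$(norm_ver "$fv")" ]; then
        [ "${r:-0}" -ge "${fr:-0}" ]
    else
        ver_ge "$v" "$fv"
    fi
}

# assess UNAME_R MAX_USERNS [FIXED_NVR]: echo one verdict word.
#   fixed               - kernel carries the fix
#   unpatched-exposed   - no fix and user namespaces are enabled, so an ordinary user
#                         can obtain CAP_NET_ADMIN in a namespace (the stated precondition)
#   unpatched-root-only - no fix, but only a real CAP_NET_ADMIN holder can reach it
#   unknown             - RHEL kernel but no errata NVR supplied to compare against
assess() {
    case "$1" in
        *.el[0-9]*)
            [ -n "$3" ] || { echo unknown; return 0; }
            fixed=$(rhel_fixed "$1" "$3" && echo yes || echo no) ;;
        *)  fixed=$(upstream_fixed "$1" && echo yes || echo no) ;;
    esac
    if [ "$fixed" = yes ]; then echo fixed
    elif [ "${2:-0}" -gt 0 ]; then echo unpatched-exposed
    else echo unpatched-root-only
    fi
}

# Constructed sample run (not real hosts). The RHEL NVR below is an assumption to be
# confirmed against the RHSA-2021:1578 advisory page, not a value from this bug.
ASSUMED_FIXED_NVR="4.18.0-305.el8"
echo "$CVE_ID upstream 5.9.16, userns on:   $(assess 5.9.16 10000)"
echo "$CVE_ID upstream 5.10.20, userns on:  $(assess 5.10.20 10000)"
echo "$CVE_ID rhel 4.18.0-240.el8, userns on: $(assess 4.18.0-240.el8.x86_64 10000 "$ASSUMED_FIXED_NVR")"
echo "$CVE_ID rhel 4.18.0-305.el8, userns on: $(assess 4.18.0-305.el8.x86_64 10000 "$ASSUMED_FIXED_NVR")"
# Live host: assess "$(uname -r)" "$(sysctl -n user.max_user_namespaces 2>/dev/null)" "$ASSUMED_FIXED_NVR"
```

The verdict deliberately separates "fix present" from "precondition reachable": on a host where user namespaces are disabled the flaw still needs a real CAP_NET_ADMIN holder, which is why the bug rates it moderate, whereas with user namespaces enabled any local user can stand up a netns and load rules into it.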