The kernel leaks memory when firewalld IPv6_rpfilter is enabled and a suppress_prefix rule is present in the IPv6 routing rules (used by certain tools such as wg-quick). In such scenarios, every incoming packet will leak an allocation in ip6_dst_cache slab cache. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=2008123
Hi Can you provide more information on it? Is this an issue known upstrem? OTOH I found in SuSE Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this relates to upstream commit https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 . If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198? Regards, Salvatore
Setting correct needinfo
In reply to comment #10: > Hi > > Can you provide more information on it? Is this an issue known upstrem? > > OTOH I found in SuSE Bugzilla: > https://bugzilla.suse.com/show_bug.cgi?id=1192261 which would indicate this > relates to upstream commit > https://git.kernel.org/linus/ca7a03c4175366a92cee0ccc4fec0038c3266e26 . > > If this is correct, would CVE-2021-3892 be a duplicate of CVE-2019-18198? Hello, Yes, you are right. We have made CVE-2021-3892 a duplicate, thank you. This flaw is fixed in the upstream Kernel 5.4 with https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ca7a03c4175366a92cee0ccc4fec0038c3266e26
*** This bug has been marked as a duplicate of bug 1771486 ***
Thank you, will you officially mark the CVE-2021-3892 as REJECTED as CNA so that this would not cause potential confusion?
Hello Carnil, yes we will complete the cve rejection.