CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-47394

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unlink table before deleting it syzbot reports following UAF: BUG: KASAN: use-after-free in memcmp+0x18f/0x1c0 lib/string.c:955 nla_strcmp+0xf2/0x130 lib/nlattr.c:836 nft_table_lookup.part.0+0x1a2/0x460 net/netfilter/nf_tables_api.c:570 nft_table_lookup net/netfilter/nf_tables_api.c:4064 [inline] nf_tables_getset+0x1b3/0x860 net/netfilter/nf_tables_api.c:4064 nfnetlink_rcv_msg+0x659/0x13f0 net/netfilter/nfnetlink.c:285 netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2504 Problem is that all get operations are lockless, so the commit_mutex held by nft_rcv_nl_event() isn't enough to stop a parallel GET request from doing read-accesses to the table object even after synchronize_rcu(). To avoid this, unlink the table first and store the table objects in on-stack scratch space.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.9%

CVSS Severity

CVSS v3 Score 7.8

References

Products affected by CVE-2021-47394

Linux » Linux Kernel » Version: 5.12

cpe:2.3:o:linux:linux_kernel:5.12
Linux » Linux Kernel » Version: 5.12.1

cpe:2.3:o:linux:linux_kernel:5.12.1
Linux » Linux Kernel » Version: 5.12.10

cpe:2.3:o:linux:linux_kernel:5.12.10
Linux » Linux Kernel » Version: 5.12.11

cpe:2.3:o:linux:linux_kernel:5.12.11
Linux » Linux Kernel » Version: 5.12.12

cpe:2.3:o:linux:linux_kernel:5.12.12
Linux » Linux Kernel » Version: 5.12.13

cpe:2.3:o:linux:linux_kernel:5.12.13
Linux » Linux Kernel » Version: 5.12.14

cpe:2.3:o:linux:linux_kernel:5.12.14
Linux » Linux Kernel » Version: 5.12.15

cpe:2.3:o:linux:linux_kernel:5.12.15
Linux » Linux Kernel » Version: 5.12.16

cpe:2.3:o:linux:linux_kernel:5.12.16
Linux » Linux Kernel » Version: 5.12.17

cpe:2.3:o:linux:linux_kernel:5.12.17
Linux » Linux Kernel » Version: 5.12.18

cpe:2.3:o:linux:linux_kernel:5.12.18
Linux » Linux Kernel » Version: 5.12.19

cpe:2.3:o:linux:linux_kernel:5.12.19
Linux » Linux Kernel » Version: 5.12.2

cpe:2.3:o:linux:linux_kernel:5.12.2
Linux » Linux Kernel » Version: 5.12.25

cpe:2.3:o:linux:linux_kernel:5.12.25
Linux » Linux Kernel » Version: 5.12.3

cpe:2.3:o:linux:linux_kernel:5.12.3
Linux » Linux Kernel » Version: 5.12.4

cpe:2.3:o:linux:linux_kernel:5.12.4
Linux » Linux Kernel » Version: 5.12.5

cpe:2.3:o:linux:linux_kernel:5.12.5
Linux » Linux Kernel » Version: 5.12.6

cpe:2.3:o:linux:linux_kernel:5.12.6
Linux » Linux Kernel » Version: 5.12.7

cpe:2.3:o:linux:linux_kernel:5.12.7
Linux » Linux Kernel » Version: 5.12.8

cpe:2.3:o:linux:linux_kernel:5.12.8
Linux » Linux Kernel » Version: 5.12.9

cpe:2.3:o:linux:linux_kernel:5.12.9
Linux » Linux Kernel » Version: 5.13

cpe:2.3:o:linux:linux_kernel:5.13
Linux » Linux Kernel » Version: 5.13.0-52

cpe:2.3:o:linux:linux_kernel:5.13.0-52
Linux » Linux Kernel » Version: 5.13.1

cpe:2.3:o:linux:linux_kernel:5.13.1
Linux » Linux Kernel » Version: 5.13.10

cpe:2.3:o:linux:linux_kernel:5.13.10
Linux » Linux Kernel » Version: 5.13.11

cpe:2.3:o:linux:linux_kernel:5.13.11
Linux » Linux Kernel » Version: 5.13.12

cpe:2.3:o:linux:linux_kernel:5.13.12
Linux » Linux Kernel » Version: 5.13.13

cpe:2.3:o:linux:linux_kernel:5.13.13
Linux » Linux Kernel » Version: 5.13.14

cpe:2.3:o:linux:linux_kernel:5.13.14
Linux » Linux Kernel » Version: 5.13.15

cpe:2.3:o:linux:linux_kernel:5.13.15
Linux » Linux Kernel » Version: 5.13.16

cpe:2.3:o:linux:linux_kernel:5.13.16
Linux » Linux Kernel » Version: 5.13.17

cpe:2.3:o:linux:linux_kernel:5.13.17
Linux » Linux Kernel » Version: 5.13.18

cpe:2.3:o:linux:linux_kernel:5.13.18
Linux » Linux Kernel » Version: 5.13.19

cpe:2.3:o:linux:linux_kernel:5.13.19
Linux » Linux Kernel » Version: 5.13.2

cpe:2.3:o:linux:linux_kernel:5.13.2
Linux » Linux Kernel » Version: 5.13.3

cpe:2.3:o:linux:linux_kernel:5.13.3
Linux » Linux Kernel » Version: 5.13.4

cpe:2.3:o:linux:linux_kernel:5.13.4
Linux » Linux Kernel » Version: 5.13.5

cpe:2.3:o:linux:linux_kernel:5.13.5
Linux » Linux Kernel » Version: 5.13.6

cpe:2.3:o:linux:linux_kernel:5.13.6
Linux » Linux Kernel » Version: 5.13.7

cpe:2.3:o:linux:linux_kernel:5.13.7
Linux » Linux Kernel » Version: 5.13.8

cpe:2.3:o:linux:linux_kernel:5.13.8
Linux » Linux Kernel » Version: 5.13.9

cpe:2.3:o:linux:linux_kernel:5.13.9
Linux » Linux Kernel » Version: 5.14

cpe:2.3:o:linux:linux_kernel:5.14
Linux » Linux Kernel » Version: 5.14.1

cpe:2.3:o:linux:linux_kernel:5.14.1
Linux » Linux Kernel » Version: 5.14.2

cpe:2.3:o:linux:linux_kernel:5.14.2
Linux » Linux Kernel » Version: 5.14.3

cpe:2.3:o:linux:linux_kernel:5.14.3
Linux » Linux Kernel » Version: 5.14.4

cpe:2.3:o:linux:linux_kernel:5.14.4
Linux » Linux Kernel » Version: 5.14.5

cpe:2.3:o:linux:linux_kernel:5.14.5
Linux » Linux Kernel » Version: 5.14.6

cpe:2.3:o:linux:linux_kernel:5.14.6
Linux » Linux Kernel » Version: 5.14.7

cpe:2.3:o:linux:linux_kernel:5.14.7
Linux » Linux Kernel » Version: 5.14.8

cpe:2.3:o:linux:linux_kernel:5.14.8
Linux » Linux Kernel » Version: 5.14.9

cpe:2.3:o:linux:linux_kernel:5.14.9
Linux » Linux Kernel » Version: 5.15

cpe:2.3:o:linux:linux_kernel:5.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-47394

Products

Pricing

Contact Us