cve/published/2021/CVE-2021-47109.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2021-47109: neighbour: allow NUD_NOARP entries to be forced GCed

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 neighbour: allow NUD_NOARP entries to be forced GCed

 IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to
 fill up the neighbour table with enough entries that it will overflow for
 valid connections after that.

 This behaviour is more prevalent after commit 58956317c8de ("neighbor:
 Improve garbage collection") is applied, as it prevents removal from
 entries that are not NUD_FAILED, unless they are more than 5s old.

 The Linux kernel CVE team has assigned CVE-2021-47109 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.4.125 with commit d99029e6aab62aef0a0251588b2867e77e83b137
 	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.10.43 with commit d17d47da59f726dc4c87caebda3a50333d7e2fd3
 	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.12.10 with commit ddf088d7aaaaacfc836104f2e632b29b1d383cfc
 	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.13 with commit 7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2021-47109
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	net/core/neighbour.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137
 	https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3
 	https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc
 	https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2021-47109: neighbour: allow NUD_NOARP entries to be forced GCed

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	neighbour: allow NUD_NOARP entries to be forced GCed

	IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to
	fill up the neighbour table with enough entries that it will overflow for
	valid connections after that.

	This behaviour is more prevalent after commit 58956317c8de ("neighbor:
	Improve garbage collection") is applied, as it prevents removal from
	entries that are not NUD_FAILED, unless they are more than 5s old.

	The Linux kernel CVE team has assigned CVE-2021-47109 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.4.125 with commit d99029e6aab62aef0a0251588b2867e77e83b137
	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.10.43 with commit d17d47da59f726dc4c87caebda3a50333d7e2fd3
	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.12.10 with commit ddf088d7aaaaacfc836104f2e632b29b1d383cfc
	Issue introduced in 5.0 with commit 58956317c8de52009d1a38a721474c24aef74fe7 and fixed in 5.13 with commit 7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2021-47109
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	net/core/neighbour.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137
	https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3
	https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc
	https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f