cve/published/2021/CVE-2021-47312.json

{
   "containers": {
      "cna": {
         "providerMetadata": {
            "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038"
         },
         "descriptions": [
            {
               "lang": "en",
               "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix dereference of null pointer flow\n\nIn the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false then\nnft_flow_rule_create is not called and flow is NULL. The subsequent\nerror handling execution via label err_destroy_flow_rule will lead\nto a null pointer dereference on flow when calling nft_flow_rule_destroy.\nSince the error path to err_destroy_flow_rule has to cater for null\nand non-null flows, only call nft_flow_rule_destroy if flow is non-null\nto fix this issue.\n\nAddresses-Coverity: (\"Explicity null dereference\")"
            }
         ],
         "affected": [
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "unaffected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "net/netfilter/nf_tables_api.c"
               ],
               "versions": [
                  {
                     "version": "09b1f676e2e0bbff67c568672c565c6f31470157",
                     "lessThan": "70a5a1950cca02c5cd161bb3846b4d983eed97d3",
                     "status": "affected",
                     "versionType": "git"
                  },
                  {
                     "version": "3c5e44622011b9ea21bd425875dcccfc9a158f5f",
                     "lessThan": "4ca041f919f13783b0b03894783deee00dbca19a",
                     "status": "affected",
                     "versionType": "git"
                  }
               ]
            },
            {
               "product": "Linux",
               "vendor": "Linux",
               "defaultStatus": "unaffected",
               "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               "programFiles": [
                  "net/netfilter/nf_tables_api.c"
               ],
               "versions": [
                  {
                     "version": "5.13.2",
                     "lessThan": "5.13.5",
                     "status": "affected",
                     "versionType": "semver"
                  }
               ]
            }
         ],
         "cpeApplicability": [
            {
               "nodes": [
                  {
                     "operator": "OR",
                     "negate": false,
                     "cpeMatch": [
                        {
                           "vulnerable": true,
                           "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                           "versionStartIncluding": "5.13.2",
                           "versionEndExcluding": "5.13.5"
                        }
                     ]
                  }
               ]
            }
         ],
         "references": [
            {
               "url": "https://git.kernel.org/stable/c/70a5a1950cca02c5cd161bb3846b4d983eed97d3"
            },
            {
               "url": "https://git.kernel.org/stable/c/4ca041f919f13783b0b03894783deee00dbca19a"
            }
         ],
         "title": "netfilter: nf_tables: Fix dereference of null pointer flow",
         "x_generator": {
            "engine": "bippy-1.2.0"
         }
      }
   },
   "cveMetadata": {
      "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038",
      "cveID": "CVE-2021-47312",
      "requesterUserId": "gregkh@kernel.org",
      "serial": "1",
      "state": "PUBLISHED"
   },
   "dataType": "CVE_RECORD",
   "dataVersion": "5.0"
}