OpenCVE

In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that. This behaviour is more prevalent after commit 58956317c8de ("neighbor: Improve garbage collection") is applied, as it prevents removal from entries that are not NUD_FAILED, unless they are more than 5s old.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f
https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3
https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137
https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc
https://lore.kernel.org/linux-cve-announce/2024031558-CVE-2021-47109-5bde@gregkh/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2021-47109
https://www.cve.org/CVERecord?id=CVE-2021-47109

History

Mon, 04 Nov 2024 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-03-15T20:14:18.469Z

Updated: 2024-11-04T11:59:34.892Z

Reserved: 2024-03-04T18:12:48.836Z

Link: CVE-2021-47109

Vulnrichment

Updated: 2024-08-04T05:24:39.847Z

NVD

Status : Awaiting Analysis

Published: 2024-03-15T21:15:06.457

Modified: 2024-11-21T06:35:24.957

Link: CVE-2021-47109

Redhat

Severity : Low

Publid Date: 2024-03-15T00:00:00Z

Links: CVE-2021-47109 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47109", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-03-04T18:12:48.836Z", "datePublished": "2024-03-15T20:14:18.469Z", "dateUpdated": "2024-11-04T11:59:34.892Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:59:34.892Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/neighbour.c"], "versions": [{"version": "58956317c8de", "lessThan": "d99029e6aab6", "status": "affected", "versionType": "git"}, {"version": "58956317c8de", "lessThan": "d17d47da59f7", "status": "affected", "versionType": "git"}, {"version": "58956317c8de", "lessThan": "ddf088d7aaaa", "status": "affected", "versionType": "git"}, {"version": "58956317c8de", "lessThan": "7a6b1ab7475f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/core/neighbour.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.125", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.43", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.10", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"}, {"url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"}, {"url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"}, {"url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"}], "title": "neighbour: allow NUD_NOARP entries to be forced GCed", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:24:45.992487Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:14:40.388Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.847Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:39.847Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47109", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-19T15:24:45.992487Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:18.770Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "neighbour: allow NUD_NOARP entries to be forced GCed", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "58956317c8de", "lessThan": "d99029e6aab6", "versionType": "git"}, {"status": "affected", "version": "58956317c8de", "lessThan": "d17d47da59f7", "versionType": "git"}, {"status": "affected", "version": "58956317c8de", "lessThan": "ddf088d7aaaa", "versionType": "git"}, {"status": "affected", "version": "58956317c8de", "lessThan": "7a6b1ab7475f", "versionType": "git"}], "programFiles": ["net/core/neighbour.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.0"}, {"status": "unaffected", "version": "0", "lessThan": "5.0", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.125", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.43", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.10", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/core/neighbour.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"}, {"url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"}, {"url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"}, {"url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T11:59:34.892Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47109", "state": "PUBLISHED", "dateUpdated": "2024-11-04T11:59:34.892Z", "dateReserved": "2024-03-04T18:12:48.836Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-03-15T20:14:18.469Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vecino: permite forzar las entradas NUD_NOARP. Las interfaces GCed IFF_POINTOPOINT utilizan entradas NUD_NOARP para IPv6. Es posible llenar la tabla de vecinos con suficientes entradas para que despu\u00e9s de eso se desborde de conexiones v\u00e1lidas. Este comportamiento es m\u00e1s frecuente despu\u00e9s de aplicar el commit 58956317c8de (\"vecino: mejorar la recolecci\u00f3n de basura\"), ya que evita la eliminaci\u00f3n de entradas que no son NUD_FAILED, a menos que tengan m\u00e1s de 5 a\u00f1os de antig\u00fcedad."}], "id": "CVE-2021-47109", "lastModified": "2024-11-21T06:35:24.957", "metrics": {}, "published": "2024-03-15T21:15:06.457", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: neighbour: allow NUD_NOARP entries to be forced GCed", "id": "2269875", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269875"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-121", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nneighbour: allow NUD_NOARP entries to be forced GCed\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\nThis behaviour is more prevalent after commit 58956317c8de (\"neighbor:\nImprove garbage collection\") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old."], "name": "CVE-2021-47109", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47109\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47109\nhttps://lore.kernel.org/linux-cve-announce/2024031558-CVE-2021-47109-5bde@gregkh/T/#u"], "threat_severity": "Low", "upstream_fix": "kernel 5.4.125, kernel 5.10.43, kernel 5.12.10, kernel 5.13"}