{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47452", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:58:30.833Z", "datePublished": "2024-05-22T06:19:42.721Z", "dateUpdated": "2024-11-04T12:06:13.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:06:13.123Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: skip netdev events generated on netns removal\n\nsyzbot reported following (harmless) WARN:\n\n WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468\n nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]\n nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]\n __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524\n nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]\n nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382\n\nreproducer:\nunshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \\\n nft add chain netdev t ingress \\{ type filter hook ingress device \"br0\" \\\n priority 0\\; policy drop\\; \\}'\n\nProblem is that when netns device exit hooks create the UNREGISTER\nevent, the .pre_exit hook for nf_tables core has already removed the\nbase hook. Notifier attempts to do this again.\n\nThe need to do base hook unregister unconditionally was needed in the past,\nbecause notifier was last stage where reg->dev dereference was safe.\n\nNow that nf_tables does the hook removal in .pre_exit, this isn't\nneeded anymore."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_chain_filter.c"], "versions": [{"version": "767d1216bff8", "lessThan": "90c7c58aa2bd", "status": "affected", "versionType": "git"}, {"version": "767d1216bff8", "lessThan": "68a3765c659f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nft_chain_filter.c"], "versions": [{"version": "5.11", "status": "affected"}, {"version": "0", "lessThan": "5.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.14.15", "lessThanOrEqual": "5.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f"}, {"url": "https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739"}], "title": "netfilter: nf_tables: skip netdev events generated on netns removal", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-10T18:55:58.283625Z", "id": "CVE-2021-47452", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:56:06.393Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:58.991Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:39:58.991Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47452", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-10T18:55:58.283625Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-10T18:56:03.744Z"}}], "cna": {"title": "netfilter: nf_tables: skip netdev events generated on netns removal", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "767d1216bff8", "lessThan": "90c7c58aa2bd", "versionType": "git"}, {"status": "affected", "version": "767d1216bff8", "lessThan": "68a3765c659f", "versionType": "git"}], "programFiles": ["net/netfilter/nft_chain_filter.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.11"}, {"status": "unaffected", "version": "0", "lessThan": "5.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.14.15", "versionType": "semver", "lessThanOrEqual": "5.14.*"}, {"status": "unaffected", "version": "5.15", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nft_chain_filter.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f"}, {"url": "https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: skip netdev events generated on netns removal\n\nsyzbot reported following (harmless) WARN:\n\n WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468\n nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]\n nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]\n __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524\n nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]\n nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382\n\nreproducer:\nunshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \\\n nft add chain netdev t ingress \\{ type filter hook ingress device \"br0\" \\\n priority 0\\; policy drop\\; \\}'\n\nProblem is that when netns device exit hooks create the UNREGISTER\nevent, the .pre_exit hook for nf_tables core has already removed the\nbase hook. Notifier attempts to do this again.\n\nThe need to do base hook unregister unconditionally was needed in the past,\nbecause notifier was last stage where reg->dev dereference was safe.\n\nNow that nf_tables does the hook removal in .pre_exit, this isn't\nneeded anymore."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:06:13.123Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47452", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:06:13.123Z", "dateReserved": "2024-05-21T14:58:30.833Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-22T06:19:42.721Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: skip netdev events generated on netns removal\n\nsyzbot reported following (harmless) WARN:\n\n WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468\n nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]\n nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]\n __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524\n nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]\n nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382\n\nreproducer:\nunshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \\\n nft add chain netdev t ingress \\{ type filter hook ingress device \"br0\" \\\n priority 0\\; policy drop\\; \\}'\n\nProblem is that when netns device exit hooks create the UNREGISTER\nevent, the .pre_exit hook for nf_tables core has already removed the\nbase hook. Notifier attempts to do this again.\n\nThe need to do base hook unregister unconditionally was needed in the past,\nbecause notifier was last stage where reg->dev dereference was safe.\n\nNow that nf_tables does the hook removal in .pre_exit, this isn't\nneeded anymore."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: omitir eventos de netdev generados al eliminar netns syzbot inform\u00f3 lo siguiente (inofensivo) ADVERTENCIA: ADVERTENCIA: CPU: 1 PID: 2648 en net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [en l\u00ednea] nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [en l\u00ednea] __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524 nft_netdev_event net/netfilter/nft_ filtro_cadena.c: 351 [en l\u00ednea] nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382 reproductor: dejar de compartir -n bash -c 'ip link agregar puente tipo br0; nft agregar tabla netdev t; \\ nft add chain netdev t ingress \\{ tipo filtro gancho ingreso dispositivo \"br0\" \\ prioridad 0\\; ca\u00edda de la pol\u00edtica\\; \\}' El problema es que cuando los ganchos de salida del dispositivo netns crean el evento UNREGISTER, el gancho .pre_exit para nf_tables core ya ha eliminado el gancho base. Notifier intenta hacer esto nuevamente. La necesidad de cancelar el registro del enlace base incondicionalmente era necesaria en el pasado, porque el notificador era la \u00faltima etapa donde la desreferencia reg->dev era segura. Ahora que nf_tables elimina el gancho en .pre_exit, esto ya no es necesario."}], "id": "CVE-2021-47452", "lastModified": "2024-05-22T12:46:53.887", "metrics": {}, "published": "2024-05-22T07:15:10.300", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: netfilter: nf_tables: skip netdev events generated on netns removal", "id": "2282906", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282906"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nf_tables: skip netdev events generated on netns removal\nsyzbot reported following (harmless) WARN:\nWARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468\nnft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline]\nnf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline]\n__nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524\nnft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline]\nnf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382\nreproducer:\nunshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \\\nnft add chain netdev t ingress \\{ type filter hook ingress device \"br0\" \\\npriority 0\\; policy drop\\; \\}'\nProblem is that when netns device exit hooks create the UNREGISTER\nevent, the .pre_exit hook for nf_tables core has already removed the\nbase hook. Notifier attempts to do this again.\nThe need to do base hook unregister unconditionally was needed in the past,\nbecause notifier was last stage where reg->dev dereference was safe.\nNow that nf_tables does the hook removal in .pre_exit, this isn't\nneeded anymore."], "name": "CVE-2021-47452", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47452\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47452\nhttps://lore.kernel.org/linux-cve-announce/2024052243-CVE-2021-47452-40cb@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 5.14.15, kernel 5.15"}