THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)

Ok

PUBLISHED

CVE-2021-47452

netfilter: nf_tables: skip netdev events generated on netns removal

Assigner:Linux (416baaa9-dc9f-4396-8d5f-8c081fb06d67)
Reserved:2024-05-21
Published:2024-05-22
Updated:2024-06-10

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter/nf_tables_api.c:230 [inline] nf_tables_unregister_hook include/net/netfilter/nf_tables.h:1090 [inline] __nft_release_basechain+0x138/0x640 net/netfilter/nf_tables_api.c:9524 nft_netdev_event net/netfilter/nft_chain_filter.c:351 [inline] nf_tables_netdev_event+0x521/0x8a0 net/netfilter/nft_chain_filter.c:382 reproducer: unshare -n bash -c 'ip link add br0 type bridge; nft add table netdev t ; \ nft add chain netdev t ingress \{ type filter hook ingress device "br0" \ priority 0\; policy drop\; \}' Problem is that when netns device exit hooks create the UNREGISTER event, the .pre_exit hook for nf_tables core has already removed the base hook. Notifier attempts to do this again. The need to do base hook unregister unconditionally was needed in the past, because notifier was last stage where reg->dev dereference was safe. Now that nf_tables does the hook removal in .pre_exit, this isn't needed anymore.

Product status

Default status
unaffected

767d1216bff8 before 90c7c58aa2bd
affected

767d1216bff8 before 68a3765c659f
affected

Default status
affected

5.11
affected

Any version before 5.11
unaffected

5.14.15
unaffected

5.15
unaffected

References

https://git.kernel.org/stable/c/90c7c58aa2bd02c65a4c63b7dfe0b16eab12cf9f

https://git.kernel.org/stable/c/68a3765c659f809dcaac20030853a054646eb739

cve.org CVE-2021-47452

nvd.nist.gov CVE-2021-47452

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-47452