CVE-2021-47146 (GCVE-0-2021-47146)

Vulnerability from cvelistv5 – Published: 2024-03-25 09:07 – Updated: 2025-05-04 07:05
VLAI?
Title
mld: fix panic in mld_newpack()
Summary
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack() mld_newpack() doesn't allow to allocate high order page, only order-0 allocation is allowed. If headroom size is too large, a kernel panic could occur in skb_put(). Test commands: ip netns del A ip netns del B ip netns add A ip netns add B ip link add veth0 type veth peer name veth1 ip link set veth0 netns A ip link set veth1 netns B ip netns exec A ip link set lo up ip netns exec A ip link set veth0 up ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0 ip netns exec B ip link set lo up ip netns exec B ip link set veth1 up ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1 for i in {1..99} do let A=$i-1 ip netns exec A ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100 ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i ip netns exec A ip link set ip6gre$i up ip netns exec B ip link add ip6gre$i type ip6gre \ local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100 ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i ip netns exec B ip link set ip6gre$i up done Splat looks like: kernel BUG at net/core/skbuff.c:110! invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891 Workqueue: ipv6_addrconf addrconf_dad_work RIP: 0010:skb_panic+0x15d/0x15f Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20 RSP: 0018:ffff88810091f820 EFLAGS: 00010282 RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000 RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031 R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028 R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0 FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 skb_put.cold.104+0x22/0x22 ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600 ? rcu_read_lock_sched_held+0x91/0xc0 mld_newpack+0x398/0x8f0 ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600 ? lock_contended+0xc40/0xc40 add_grhead.isra.33+0x280/0x380 add_grec+0x5ca/0xff0 ? mld_sendpack+0xf40/0xf40 ? lock_downgrade+0x690/0x690 mld_send_initial_cr.part.34+0xb9/0x180 ipv6_mc_dad_complete+0x15d/0x1b0 addrconf_dad_completed+0x8d2/0xbb0 ? lock_downgrade+0x690/0x690 ? addrconf_rs_timer+0x660/0x660 ? addrconf_dad_work+0x73c/0x10e0 addrconf_dad_work+0x73c/0x10e0 Allowing high order page allocation could fix this problem.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1 (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 17728616a4c85baf0edc975c60ba4e4157684d9a (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 221142038f36d9f28b64e83e954774da4d4ccd17 (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 4b77ad9097067b31237eeeee0bf70f80849680a0 (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 37d697759958d111439080bab7e14d2b0e7b39f5 (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < beb39adb150f8f3b516ddf7c39835a9788704d23 (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < a76fb9ba545289379acf409653ad5f74417be59c (git)
Affected: 72e09ad107e78d69ff4d3b97a69f0aad2b77280f , < 020ef930b826d21c5446fdc9db80fd72a791bc21 (git)
Create a notification for this product.
    Linux Linux Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.4.271 , ≤ 4.4.* (semver)
Unaffected: 4.9.271 , ≤ 4.9.* (semver)
Unaffected: 4.14.235 , ≤ 4.14.* (semver)
Unaffected: 4.19.193 , ≤ 4.19.* (semver)
Unaffected: 5.4.124 , ≤ 5.4.* (semver)
Unaffected: 5.10.42 , ≤ 5.10.* (semver)
Unaffected: 5.12.9 , ≤ 5.12.* (semver)
Unaffected: 5.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:24:39.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:54:54.361995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:13.921Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/mcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "17728616a4c85baf0edc975c60ba4e4157684d9a",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "221142038f36d9f28b64e83e954774da4d4ccd17",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "4b77ad9097067b31237eeeee0bf70f80849680a0",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "37d697759958d111439080bab7e14d2b0e7b39f5",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "beb39adb150f8f3b516ddf7c39835a9788704d23",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "a76fb9ba545289379acf409653ad5f74417be59c",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            },
            {
              "lessThan": "020ef930b826d21c5446fdc9db80fd72a791bc21",
              "status": "affected",
              "version": "72e09ad107e78d69ff4d3b97a69f0aad2b77280f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/mcast.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.4.*",
              "status": "unaffected",
              "version": "4.4.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.9.*",
              "status": "unaffected",
              "version": "4.9.271",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.235",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.193",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.124",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.12.*",
              "status": "unaffected",
              "version": "5.12.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.4.271",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.9.271",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.14.235",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.193",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.124",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.42",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.12.9",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.13",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmld: fix panic in mld_newpack()\n\nmld_newpack() doesn\u0027t allow to allocate high order page,\nonly order-0 allocation is allowed.\nIf headroom size is too large, a kernel panic could occur in skb_put().\n\nTest commands:\n    ip netns del A\n    ip netns del B\n    ip netns add A\n    ip netns add B\n    ip link add veth0 type veth peer name veth1\n    ip link set veth0 netns A\n    ip link set veth1 netns B\n\n    ip netns exec A ip link set lo up\n    ip netns exec A ip link set veth0 up\n    ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0\n    ip netns exec B ip link set lo up\n    ip netns exec B ip link set veth1 up\n    ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1\n    for i in {1..99}\n    do\n        let A=$i-1\n        ip netns exec A ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100\n        ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i\n        ip netns exec A ip link set ip6gre$i up\n\n        ip netns exec B ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100\n        ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i\n        ip netns exec B ip link set ip6gre$i up\n    done\n\nSplat looks like:\nkernel BUG at net/core/skbuff.c:110!\ninvalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:skb_panic+0x15d/0x15f\nCode: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83\n41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff \u003c0f\u003e 0b 48 8b 6c 24 20 89\n34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20\nRSP: 0018:ffff88810091f820 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000\nRDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb\nRBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031\nR10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028\nR13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0\nFS:  0000000000000000(0000) GS:ffff888117c00000(0000)\nknlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n skb_put.cold.104+0x22/0x22\n ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? rcu_read_lock_sched_held+0x91/0xc0\n mld_newpack+0x398/0x8f0\n ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600\n ? lock_contended+0xc40/0xc40\n add_grhead.isra.33+0x280/0x380\n add_grec+0x5ca/0xff0\n ? mld_sendpack+0xf40/0xf40\n ? lock_downgrade+0x690/0x690\n mld_send_initial_cr.part.34+0xb9/0x180\n ipv6_mc_dad_complete+0x15d/0x1b0\n addrconf_dad_completed+0x8d2/0xbb0\n ? lock_downgrade+0x690/0x690\n ? addrconf_rs_timer+0x660/0x660\n ? addrconf_dad_work+0x73c/0x10e0\n addrconf_dad_work+0x73c/0x10e0\n\nAllowing high order page allocation could fix this problem."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:05:01.944Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1"
        },
        {
          "url": "https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a"
        },
        {
          "url": "https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23"
        },
        {
          "url": "https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c"
        },
        {
          "url": "https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21"
        }
      ],
      "title": "mld: fix panic in mld_newpack()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47146",
    "datePublished": "2024-03-25T09:07:43.043Z",
    "dateReserved": "2024-03-04T18:12:48.845Z",
    "dateUpdated": "2025-05-04T07:05:01.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T05:24:39.987Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-47146\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T15:54:54.361995Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-11T12:42:15.564Z\"}}], \"cna\": {\"title\": \"mld: fix panic in mld_newpack()\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"17728616a4c85baf0edc975c60ba4e4157684d9a\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"221142038f36d9f28b64e83e954774da4d4ccd17\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"4b77ad9097067b31237eeeee0bf70f80849680a0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"37d697759958d111439080bab7e14d2b0e7b39f5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"beb39adb150f8f3b516ddf7c39835a9788704d23\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"a76fb9ba545289379acf409653ad5f74417be59c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"72e09ad107e78d69ff4d3b97a69f0aad2b77280f\", \"lessThan\": \"020ef930b826d21c5446fdc9db80fd72a791bc21\", \"versionType\": \"git\"}], \"programFiles\": [\"net/ipv6/mcast.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.6.35\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"2.6.35\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.4.271\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.4.*\"}, {\"status\": \"unaffected\", \"version\": \"4.9.271\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.9.*\"}, {\"status\": \"unaffected\", \"version\": \"4.14.235\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.14.*\"}, {\"status\": \"unaffected\", \"version\": \"4.19.193\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.124\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.42\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.12.9\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.12.*\"}, {\"status\": \"unaffected\", \"version\": \"5.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"net/ipv6/mcast.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1\"}, {\"url\": \"https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a\"}, {\"url\": \"https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17\"}, {\"url\": \"https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0\"}, {\"url\": \"https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5\"}, {\"url\": \"https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23\"}, {\"url\": \"https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c\"}, {\"url\": \"https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmld: fix panic in mld_newpack()\\n\\nmld_newpack() doesn\u0027t allow to allocate high order page,\\nonly order-0 allocation is allowed.\\nIf headroom size is too large, a kernel panic could occur in skb_put().\\n\\nTest commands:\\n    ip netns del A\\n    ip netns del B\\n    ip netns add A\\n    ip netns add B\\n    ip link add veth0 type veth peer name veth1\\n    ip link set veth0 netns A\\n    ip link set veth1 netns B\\n\\n    ip netns exec A ip link set lo up\\n    ip netns exec A ip link set veth0 up\\n    ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0\\n    ip netns exec B ip link set lo up\\n    ip netns exec B ip link set veth1 up\\n    ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1\\n    for i in {1..99}\\n    do\\n        let A=$i-1\\n        ip netns exec A ip link add ip6gre$i type ip6gre \\\\\\n\\tlocal 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100\\n        ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i\\n        ip netns exec A ip link set ip6gre$i up\\n\\n        ip netns exec B ip link add ip6gre$i type ip6gre \\\\\\n\\tlocal 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100\\n        ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i\\n        ip netns exec B ip link set ip6gre$i up\\n    done\\n\\nSplat looks like:\\nkernel BUG at net/core/skbuff.c:110!\\ninvalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI\\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891\\nWorkqueue: ipv6_addrconf addrconf_dad_work\\nRIP: 0010:skb_panic+0x15d/0x15f\\nCode: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83\\n41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff \u003c0f\u003e 0b 48 8b 6c 24 20 89\\n34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20\\nRSP: 0018:ffff88810091f820 EFLAGS: 00010282\\nRAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000\\nRDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb\\nRBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031\\nR10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028\\nR13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0\\nFS:  0000000000000000(0000) GS:ffff888117c00000(0000)\\nknlGS:0000000000000000\\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\nCR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0\\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\\nCall Trace:\\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\\n skb_put.cold.104+0x22/0x22\\n ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\\n ? rcu_read_lock_sched_held+0x91/0xc0\\n mld_newpack+0x398/0x8f0\\n ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600\\n ? lock_contended+0xc40/0xc40\\n add_grhead.isra.33+0x280/0x380\\n add_grec+0x5ca/0xff0\\n ? mld_sendpack+0xf40/0xf40\\n ? lock_downgrade+0x690/0x690\\n mld_send_initial_cr.part.34+0xb9/0x180\\n ipv6_mc_dad_complete+0x15d/0x1b0\\n addrconf_dad_completed+0x8d2/0xbb0\\n ? lock_downgrade+0x690/0x690\\n ? addrconf_rs_timer+0x660/0x660\\n ? addrconf_dad_work+0x73c/0x10e0\\n addrconf_dad_work+0x73c/0x10e0\\n\\nAllowing high order page allocation could fix this problem.\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.4.271\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.9.271\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.14.235\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.193\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.124\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.42\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.12.9\", \"versionStartIncluding\": \"2.6.35\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.13\", \"versionStartIncluding\": \"2.6.35\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2025-05-04T07:05:01.944Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-47146\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-04T07:05:01.944Z\", \"dateReserved\": \"2024-03-04T18:12:48.845Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-03-25T09:07:43.043Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.