CVE-2021-47291

Published: May 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions"). We additionally need to take care of fib6_metrics initialization failure when the caller provides an nh. The fix is similar, explicitly free the route instead of calling fib6_info_release on a half-initialized object.

Vendor	Product	Versions
Linux	Linux	affected `f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 - < 830251361425c5be044db4d826aaf304ea3d14c6` affected `f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 - < ce8fafb68051fba52546f8bbe8621f7641683680` affected `f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 - < 115784bcccf135c3a3548098153413d76f16aae0` affected `f88d8ea67fbdbac7a64bfa6ed9a2ba27bb822f74 - < 8fb4792f091e608a0a1d353dfdf07ef55a719db5`
Linux	Linux	affected `5.3` unaffected `0 - < 5.3` unaffected `5.4.136 - <= 5.4.` unaffected `5.10.54 - <= 5.10.` unaffected `5.13.6 - <= 5.13.*` +1 more versions

References

https://git.kernel.org/stable/c/830251361425c5be044db4d826aaf304ea3d14c6

https://git.kernel.org/stable/c/ce8fafb68051fba52546f8bbe8621f7641683680

https://git.kernel.org/stable/c/115784bcccf135c3a3548098153413d76f16aae0

https://git.kernel.org/stable/c/8fb4792f091e608a0a1d353dfdf07ef55a719db5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47291

Description

Affected Products

References