CVE-2021-47312

Published: May 21, 2024

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix dereference of null pointer flow In the case where chain->flags & NFT_CHAIN_HW_OFFLOAD is false then nft_flow_rule_create is not called and flow is NULL. The subsequent error handling execution via label err_destroy_flow_rule will lead to a null pointer dereference on flow when calling nft_flow_rule_destroy. Since the error path to err_destroy_flow_rule has to cater for null and non-null flows, only call nft_flow_rule_destroy if flow is non-null to fix this issue. Addresses-Coverity: ("Explicity null dereference")

Vendor	Product	Versions
Linux	Linux	affected `09b1f676e2e0bbff67c568672c565c6f31470157 - < 70a5a1950cca02c5cd161bb3846b4d983eed97d3` affected `3c5e44622011b9ea21bd425875dcccfc9a158f5f - < 4ca041f919f13783b0b03894783deee00dbca19a`
Linux	Linux	affected `5.13.2 - < 5.13.5`

References

https://git.kernel.org/stable/c/70a5a1950cca02c5cd161bb3846b4d983eed97d3

https://git.kernel.org/stable/c/4ca041f919f13783b0b03894783deee00dbca19a

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-47312

Description

Affected Products

References