CVE-2021-47397

Published May 21, 2024

Last updated 4 months ago

CVSS medium 5.5

Overview

Description: In the Linux kernel, the following vulnerability has been resolved: sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb We should always check if skb_header_pointer's return is NULL before using it, otherwise it may cause null-ptr-deref, as syzbot reported: KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_rcv_ootb net/sctp/input.c:705 [inline] RIP: 0010:sctp_rcv+0x1d84/0x3220 net/sctp/input.c:196 Call Trace: <IRQ> sctp6_rcv+0x38/0x60 net/sctp/ipv6.c:1109 ip6_protocol_deliver_rcu+0x2e9/0x1ca0 net/ipv6/ip6_input.c:422 ip6_input_finish+0x62/0x170 net/ipv6/ip6_input.c:463 NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ip6_input+0x9c/0xd0 net/ipv6/ip6_input.c:472 dst_input include/net/dst.h:460 [inline] ip6_rcv_finish net/ipv6/ip6_input.c:76 [inline] NF_HOOK include/linux/netfilter.h:307 [inline] NF_HOOK include/linux/netfilter.h:301 [inline] ipv6_rcv+0x28c/0x3c0 net/ipv6/ip6_input.c:297
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-476

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "71991869-C1C9-4F7C-B9D3-9402D9418DE2",
            "versionEndExcluding": "4.14.249",
            "versionStartIncluding": "4.8"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21C23429-F802-4256-B3C2-9EEA76AC11FF",
            "versionEndExcluding": "4.19.209",
            "versionStartIncluding": "4.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFFC8E38-107A-4B6F-9FFD-9B2FD8B89EF0",
            "versionEndExcluding": "5.4.151",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60C740E4-6C54-40CD-A914-2232D8FC781D",
            "versionEndExcluding": "5.10.71",
            "versionStartIncluding": "5.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A437B0D-8305-4C72-B691-D26986A126CF",
            "versionEndExcluding": "5.14.10",
            "versionStartIncluding": "5.11"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References