CVE-2021-47245

21.05.2024, 15:15

In the Linux kernel, the following vulnerability has been resolved:

netfilter: synproxy: Fix out of bounds when parsing TCP options

The TCP option parser in synproxy (synproxy_parse_options) could read
one byte out of bounds. When the length is 1, the execution flow gets
into the loop, reads one byte of the opcode, and if the opcode is
neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds
the length of 1.

This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack
out of bounds when parsing TCP options.").

v2 changes:

Added an early return when length < 0 to avoid calling
skb_header_pointer with negative length.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Linux	CNA	---				---
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 13%

Vendor	Product	Version
linux	linux_kernel	3.12 ≤ 𝑥 < 4.4.274
linux	linux_kernel	4.5 ≤ 𝑥 < 4.9.274
linux	linux_kernel	4.10 ≤ 𝑥 < 4.14.238
linux	linux_kernel	4.15 ≤ 𝑥 < 4.19.196
linux	linux_kernel	4.20 ≤ 𝑥 < 5.4.128
linux	linux_kernel	5.5 ≤ 𝑥 < 5.10.46
linux	linux_kernel	5.11 ≤ 𝑥 < 5.12.13
linux	linux_kernel	5.13:rc1
linux	linux_kernel	5.13:rc2
linux	linux_kernel	5.13:rc3
linux	linux_kernel	5.13:rc4
linux	linux_kernel	5.13:rc5
linux	linux_kernel	5.13:rc6

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 fixed
bullseye (security)	5.10.226-1 fixed
bookworm	6.1.106-3 fixed
bookworm (security)	6.1.112-1 fixed
trixie	6.11.5-1 fixed
sid	6.11.6-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

linux

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-81.91 released
bionic	pending
xenial	ignored
trusty	ignored

linux-allwinner-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-1055.58 released
bionic	pending
xenial	ignored
trusty	ignored

linux-aws-5.0

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-aws-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-aws-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-aws-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-aws-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-aws-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-aws-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-aws-hwe

noble	dne
mantic	dne
jammy	dne
focal	dne
xenial	Fixed 4.15.0-1111.118~16.04.1 released

linux-azure

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-1056.58 released
bionic	ignored
xenial	Fixed 4.15.0-1123.136~16.04.1 released
trusty	Fixed 4.15.0-1123.136~14.04.1 released

linux-azure-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-azure-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-azure-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-azure-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-azure-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-azure-edge

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-azure-fde

noble	dne
mantic	dne
jammy	not-affected
focal	ignored

linux-azure-fde-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-azure-fde-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-fde-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-azure-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-bluefield

noble	dne
mantic	dne
jammy	dne
focal	Fixed 5.4.0-1019.22 released

linux-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-gcp

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-1051.55 released
bionic	ignored
xenial	Fixed 4.15.0-1108.122~16.04.1 released

linux-gcp-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-gcp-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-gcp-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-gcp-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gcp-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-gcp-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gcp-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-gcp-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-gcp-fips

noble	dne
mantic	dne
jammy	dne
focal	dne

linux-gke

noble	not-affected
mantic	dne
jammy	not-affected
focal	ignored

linux-gke-4.15

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gke-5.15

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-gke-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-gkeop

noble	dne
mantic	dne
jammy	not-affected
focal	Fixed 5.4.0-1022.23 released

linux-gkeop-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-gkeop-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-hwe

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored
xenial	Fixed 4.15.0-156.163~16.04.1 released

linux-hwe-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-hwe-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-hwe-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-hwe-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-hwe-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-hwe-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-hwe-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-hwe-edge

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored
xenial	ignored

linux-ibm

noble	not-affected
mantic	ignored
jammy	not-affected
focal	not-affected

linux-ibm-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-ibm-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	not-affected

linux-intel

noble	not-affected
mantic	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-intel-iot-realtime

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-intel-iotg

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-intel-iotg-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-iot

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-kvm

noble	dne
mantic	dne
jammy	not-affected
focal	Fixed 5.4.0-1045.47 released
bionic	pending
xenial	ignored

linux-laptop

noble	dne
mantic	not-affected
jammy	dne
focal	dne

linux-lowlatency

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	dne

linux-lowlatency-hwe-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-lowlatency-hwe-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-lowlatency-hwe-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-lowlatency-hwe-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-lts-xenial

noble	dne
mantic	dne
jammy	dne
focal	dne
trusty	ignored

linux-nvidia

noble	not-affected
mantic	dne
jammy	not-affected
focal	dne

linux-nvidia-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-nvidia-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-nvidia-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-nvidia-lowlatency

noble	not-affected
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oem

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oem-5.10

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.14

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-5.17

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-5.6

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oem-6.0

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-6.1

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-oem-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-oem-6.8

noble	not-affected
mantic	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-oracle

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-1053.57 released
bionic	pending
xenial	Fixed 4.15.0-1080.88~16.04.1 released

linux-oracle-5.0

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-5.13

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-oracle-5.3

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	ignored

linux-oracle-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-oracle-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-oracle-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-raspi

noble	not-affected
mantic	not-affected
jammy	not-affected
focal	Fixed 5.4.0-1042.46 released

linux-raspi-5.4

noble	dne
mantic	dne
jammy	dne
focal	dne
bionic	pending

linux-raspi-realtime

noble	dne
jammy	dne
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-raspi2

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-realtime

noble	dne
jammy	ignored
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-riscv

noble	not-affected
mantic	not-affected
jammy	ignored
focal	ignored

linux-riscv-5.11

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-riscv-5.15

noble	dne
mantic	dne
jammy	dne
focal	not-affected

linux-riscv-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-riscv-5.8

noble	dne
mantic	dne
jammy	dne
focal	ignored

linux-riscv-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-riscv-6.8

noble	dne
jammy	not-affected
focal	dne
bionic	dne
xenial	dne
trusty	dne

linux-starfive

noble	dne
mantic	not-affected
jammy	dne
focal	dne

linux-starfive-5.19

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-starfive-6.2

noble	dne
mantic	dne
jammy	ignored
focal	dne

linux-starfive-6.5

noble	dne
mantic	dne
jammy	not-affected
focal	dne

linux-xilinx-zynqmp

noble	dne
mantic	dne
jammy	not-affected
focal	not-affected

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4

https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915

https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1

https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98

https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b

https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02

https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8

https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b