CVE-2021-47109 : In the Linux kernel, the following vulnerability has been resolved: neighbour:

In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid connections after that. This behaviour is more prevalent after commit 58956317c8de ("neighbor: Improve garbage collection") is applied, as it prevents removal from entries that are not NUD_FAILED, unless they are more than 5s old.

Published 2024-03-15 21:15:06

Updated 2025-02-27 03:20:09

Source Linux

View at NVD, CVE.org

Products affected by CVE-2021-47109

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12.10
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.0 and before (<) 5.4.125
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 5.5 and before (<) 5.10.43
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC1
cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC2
cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC3
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC4
cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC5
cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 5.13 Update RC6
cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-47109

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-47109

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST	2025-02-27
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-47109

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-47109

https://git.kernel.org/stable/c/d17d47da59f726dc4c87caebda3a50333d7e2fd3

neighbour: allow NUD_NOARP entries to be forced GCed - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/d99029e6aab62aef0a0251588b2867e77e83b137

neighbour: allow NUD_NOARP entries to be forced GCed - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/7a6b1ab7475fd6478eeaf5c9d1163e7a18125c8f

neighbour: allow NUD_NOARP entries to be forced GCed - kernel/git/stable/linux.git - Linux kernel stable tree
Patch
https://git.kernel.org/stable/c/ddf088d7aaaaacfc836104f2e632b29b1d383cfc

neighbour: allow NUD_NOARP entries to be forced GCed - kernel/git/stable/linux.git - Linux kernel stable tree
Patch

Jump to

Vulnerability Details : CVE-2021-47109

Products affected by CVE-2021-47109

Exploit prediction scoring system (EPSS) score for CVE-2021-47109

CVSS scores for CVE-2021-47109

CWE ids for CVE-2021-47109

References for CVE-2021-47109