7.1
HIGH CVSS 3.1
CVE-2021-46992
netfilter: nftables: avoid overflows in nft_hash_buckets()
Description

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nftables: avoid overflows in nft_hash_buckets()

Number of buckets being stored in 32bit variables, we have to ensure that no overflows occur in nft_hash_buckets()

syzbot injected a size == 0x40000000 and reported:

UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x141/0x1d7 lib/dump_stack.c:120
 ubsan_epilogue+0xb/0x5a lib/ubsan.c:148
 __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327
 __roundup_pow_of_two include/linux/log2.h:57 [inline]
 nft_hash_buckets net/netfilter/nft_set_hash.c:411 [inline]
 nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652
 nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [inline]
 nf_tables_newset+0xe62/0x3110 net/netfilter/nf_tables_api.c:4322
 nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488
 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [inline]
 nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630
 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
 netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
 sock_sendmsg_nosec net/socket.c:654 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:674
 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
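
The arithmetic behind the UBSAN report above, as an added user-space model (not the kernel source or the upstream patch): a 4/3 scaling done in 32 bits wraps to 0 for size == 0x40000000, and rounding 0 up to a power of two asks for a 64-bit shift by 64. The function names, the MAX_BUCKETS cap and the handling of size 0 are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the kernel's __roundup_pow_of_two(n) = 1UL << fls_long(n - 1)
 * on a 64-bit long. Returns only the shift exponent, so the undefined
 * case (exponent 64) can be observed without executing the shift. */
static unsigned int roundup_shift(uint64_t n)
{
    uint64_t v = n - 1;              /* n == 0 wraps to all ones */
    unsigned int bits = 0;
    while (v) { bits++; v >>= 1; }   /* position of the highest set bit */
    return bits;
}

/* Unsafe shape: size * 4 is evaluated in 32 bits before the division. */
unsigned int buckets_shift_u32(uint32_t size)
{
    uint32_t scaled = size * 4 / 3;  /* 0x40000000 * 4 wraps to 0 */
    return roundup_shift(scaled);
}

#define MAX_BUCKETS (1U << 31)       /* assumed cap: largest power of two in 32 bits */

/* Hardened shape: widen to 64 bits, clamp, then round up. */
uint32_t buckets_checked(uint32_t size)
{
    uint64_t val = (uint64_t)size * 4 / 3;
    if (val == 0)
        return 1;                    /* model choice for size == 0 */
    if (val >= MAX_BUCKETS)
        return MAX_BUCKETS;
    return (uint32_t)1 << roundup_shift(val);
}

int main(void)
{
    uint32_t sizes[] = { 3, 100, 0x40000000u, 0xffffffffu };
    for (unsigned int i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("size=0x%08x unsafe shift=%u checked buckets=0x%08x\n",
               (unsigned)sizes[i], buckets_shift_u32(sizes[i]),
               (unsigned)buckets_checked(sizes[i]));
    return 0;
}
```

A shift exponent of 64 from the unsafe path corresponds to the "shift exponent 64 is too large for 64-bit type" line in the report; the checked path never produces an exponent above 31.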

INFO

Published Date: Feb. 28, 2024, 9:15 a.m.
Last Modified: Dec. 24, 2024, 2:34 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2021-46992 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
This vulnerability can be resolved by updating the Linux kernel packages.
  • Update the Linux kernel to a non-vulnerable version.
  • Reboot the system after updating the kernel.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-46992 is associated with the following CWEs:

The following table lists the changes that have been made to the CVE-2021-46992 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Dec. 24, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    Added CWE NIST CWE-125
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.9 up to (excluding) 4.14.233 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.15 up to (excluding) 4.19.191 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.38 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.11.22 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.12 up to (excluding) 5.12.5
    Changed Reference Type https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475 No Types Assigned https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475 Patch
    Changed Reference Type https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b No Types Assigned https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b Patch
    Changed Reference Type https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7 No Types Assigned https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7 Patch
    Changed Reference Type https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b No Types Assigned https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b Patch
    Changed Reference Type https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449 No Types Assigned https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449 Patch
    Changed Reference Type https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787 No Types Assigned https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787 Patch
    Changed Reference Type https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708 No Types Assigned https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708 Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475
    Added Reference https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b
    Added Reference https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7
    Added Reference https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b
    Added Reference https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449
    Added Reference https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787
    Added Reference https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 28, 2024

    Action Type Old Value New Value
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Feb. 28, 2024

    Action Type Old Value New Value
    Added Description Same text as the Description section at the top of this page.
    Added Reference Linux https://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475 [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b [No types assigned]
    Added Reference Linux https://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449 [No types assigned]
Vulnerability Scoring Details
Base CVSS Score: 7.1
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: High