PT-2021-2458 · Linux+5 · Linux Kernel+5

Michael Braun · Published 2021-03-05 · Updated 2023-05-17 · CVE-2021-29264

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 5.11.10

Description

An issue in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash due to a negative fragment size calculation when jumbo packets are used and NAPI is enabled, particularly in situations involving an rx queue overrun. The vulnerability is related to incorrect buffer size calculation.

Recommendations

For Linux kernel versions through 5.11.10, consider disabling the use of jumbo packets or NAPI to minimize the risk of exploitation until a patch is available. Restrict access to the Freescale Gianfar Ethernet driver to prevent potential system crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1582
ALT-PU-2021-1609
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6546
BDU:2021-01824
CVE-2021-29264
DLA-2690-1
DLA-2940-1
OESA-2021-1176
OPENSUSE-SU-2021:0532-1
OPENSUSE-SU-2021:0758-1
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_0532-1
OPENSUSE-SU-2021_0758-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2021:1175-1
SUSE-SU-2021:1176-1
SUSE-SU-2021:1177-1
SUSE-SU-2021:1210-1
SUSE-SU-2021:1211-1
SUSE-SU-2021:1238-1
SUSE-SU-2021:1573-1
SUSE-SU-2021:1596-1
SUSE-SU-2021:1617-1
SUSE-SU-2021:1623-1
SUSE-SU-2021:1624-1
SUSE-SU-2021:1625-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4946-1
USN-4948-1
USN-4949-1
USN-4982-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu