PT-2021-4231 · Linux+2 · Linux Kernel+2

Published

2021-04-12

Updated

2023-05-17

CVE-2021-38209

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.2

Description The issue is related to the NF SYSCTL CT MAX, NF SYSCTL CT EXPECT MAX, and NF SYSCTL CT BUCKETS sysctls in the net/netfilter/nf conntrack standalone.c component of the Linux kernel. It allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This can potentially allow an attacker to disclose protected information.

Recommendations For Linux kernel versions prior to 5.12.2, update to version 5.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the net/netfilter/nf conntrack standalone.c component to minimize the risk of exploitation. Additionally, restrict the use of the NF SYSCTL CT MAX, NF SYSCTL CT EXPECT MAX, and NF SYSCTL CT BUCKETS sysctls until the issue is resolved.

Fix

Side Channel Attack

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-203

Related Identifiers

ALT-PU-2021-1833

ALT-PU-2021-1888

ALT-PU-2021-1896

ALT-PU-2021-1990

ALT-PU-2021-3481

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2023-1814

AZL-6593

BDU:2021-04837

CVE-2021-38209

OESA-2021-1318

OPENSUSE-SU-2021:3179-1

OPENSUSE-SU-2021:3205-1

OPENSUSE-SU-2021_3179-1

OPENSUSE-SU-2021_3205-1

SUSE-SU-2021:3179-1

SUSE-SU-2021:3205-1

SUSE-SU-2021:3205-2

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2021-4231 · Linux+2 · Linux Kernel+2

CVE-2021-38209

Weakness Enumeration

Related Identifiers

Affected Products

References · 182