PT-2021-8038 · Linux · Linux Kernel

Shuang Li

·

Published

2021-04-29

·

Updated

2024-04-10

·

CVE-2021-46954

CVSS v2.0

9.4

High

Vector AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-rc6+
Description: The vulnerability is a stack out-of-bounds read in sch_fragment() (net/sched/sch_frag.c) when fragmenting IPv4 packets. It is reached when act_mirred forwards IPv4 packets that were previously re-assembled by act_ct, so that the packet now exceeds the recorded MRU and has to be re-fragmented. sch_fragment() placed a temporary struct dst_entry on the stack and attached it to the skb; further down the call graph the IPv4 output path treats that dst as the embedded head of a struct rtable (via container_of) and reads rtable fields that lie past the end of the stack object. The result is an out-of-bounds read of kernel stack memory, which can crash the kernel (availability) or leak stack contents (confidentiality), matching the CVSS vector above.
Recommendations: Update the Linux kernel to a version that includes the fix for this vulnerability. The fix changes the temporary variable used for IPv4 packets in sch_fragment() from a bare struct dst_entry to a full struct rtable, passing a pointer to its embedded dst, which mirrors what the IPv6 branch already does with struct rt6_info.
As a temporary workaround: sch_fragment() is not a tunable and cannot be disabled on its own; the vulnerable path is only entered when a tc action chain combines act_ct (which re-assembles fragments) with act_mirred (which redirects or mirrors the re-assembled packet). Until the kernel is patched, avoid deploying such ct-then-mirred filter chains on interfaces that receive untrusted, fragmentable IPv4 traffic. This may have significant functional and performance implications (for example for TC-based connection tracking offload) and should be weighed against specific system requirements and constraints.
At the moment, no specific fixed release is recorded here; treat any kernel at or before 5.12.0-rc6+ as affected and ensure the kernel is updated to a build that carries the sch_fragment() fix.
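The following is an added example, not code from this advisory or from the Linux kernel, that models the bug class described above in user space: a callee derives a struct rtable from a struct dst_entry pointer with container_of, so passing the address of a bare dst_entry that lives on the stack makes the callee's reads run past the end of that stack object. The structure layouts, the helper names (rtable_fits_in_object, vulnerable_pattern, fixed_pattern) and the field sizes are simplified assumptions for illustration; the real kernel structures are larger, but the embedding relationship (dst_entry is the first member of rtable) is the same.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-ins for the kernel structures (assumption: simplified layout). */
struct dst_entry {
    void *dev;
    unsigned int flags;
    unsigned long expires;
};

/* As in the kernel, struct rtable embeds a dst_entry as its first member and
 * adds IPv4 routing fields after it. */
struct rtable {
    struct dst_entry dst;
    int rt_type;
    uint32_t rt_gw4;      /* gateway address read by the IPv4 output path */
    unsigned int rt_pmtu;
};

#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

/* Models what the IPv4 output path does: it never sees a dst_entry on its
 * own, it assumes the dst is embedded in an rtable and reads past it. */
static struct rtable *rtable_from_dst(struct dst_entry *dst)
{
    return container_of(dst, struct rtable, dst);
}

/* Bounds check for the pattern above: does the rtable that the callee will
 * derive from `dst` lie entirely inside the stack object [obj, obj+obj_size)?
 * Returns false when the callee's reads would leave the object. */
bool rtable_fits_in_object(const void *obj, size_t obj_size,
                           const struct dst_entry *dst)
{
    const char *start = (const char *)obj;
    const char *rt = (const char *)container_of(dst, struct rtable, dst);

    return rt >= start && rt + sizeof(struct rtable) <= start + obj_size;
}

/* Vulnerable pattern: a temporary dst_entry on the stack is handed to code
 * that treats it as the head of an rtable (the CVE-2021-46954 shape).
 * We only check the bounds here; actually dereferencing rt_gw4 would be the
 * out-of-bounds read. */
bool vulnerable_pattern(void)
{
    struct dst_entry sch_frag_dst;

    memset(&sch_frag_dst, 0, sizeof(sch_frag_dst));
    return rtable_fits_in_object(&sch_frag_dst, sizeof(sch_frag_dst),
                                 &sch_frag_dst);
}

/* Fixed pattern, following the shape of the upstream fix: allocate the whole
 * rtable on the stack and pass a pointer to its embedded dst, so every field
 * the callee reads is backed by real stack storage. */
bool fixed_pattern(void)
{
    struct rtable sch_frag_rt = { 0 };

    return rtable_fits_in_object(&sch_frag_rt, sizeof(sch_frag_rt),
                                 &sch_frag_rt.dst);
}

/* Through the fixed object, the callee's container_of read is in bounds and
 * returns the value that was stored in the rtable. */
uint32_t fixed_pattern_gateway(uint32_t gw)
{
    struct rtable sch_frag_rt = { 0 };

    sch_frag_rt.rt_gw4 = gw;
    return rtable_from_dst(&sch_frag_rt.dst)->rt_gw4;
}

int main(void)
{
    printf("bare dst_entry on stack  : rtable in bounds = %s\n",
           vulnerable_pattern() ? "yes" : "NO (OOB read)");
    printf("full rtable on stack     : rtable in bounds = %s\n",
           fixed_pattern() ? "yes" : "NO (OOB read)");
    printf("gateway read via fixed dst: 0x%08x\n", fixed_pattern_gateway(0x0a000001u));
    return 0;
}
```

The point to take from the model is that the size of the stack object is decided by the caller but the access pattern is decided by the callee: any helper that reaches the dst through container_of will read sizeof(struct rtable) bytes, so the only safe temporary is one that is at least that large.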

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2024-03694
CVE-2021-46954

Affected Products

Linux Kernel