PT-2021-8274 · Linux+3 · Linux Kernel+3

Davide Caratti · Published 2021-04-28 · Updated 2025-01-27 · CVE-2021-46955

CVSS v3.1: 7.1 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.12.0-rc6+

Description

The vulnerability is a stack out-of-bounds read in the ip_do_fragment function when fragmenting IPv4 packets. It occurs because the ovs_fragment function uses a temporary struct dst_entry, and the pointer to this structure is then used as a pointer to struct rtable, so reads of the rtable fields run past the end of the temporary on the stack. The issue can be fixed by changing the temporary variable used for IPv4 packets in ovs_fragment, similar to what is done for IPv6.
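
The type confusion described above, as an added example that is not kernel code: simplified stand-in structs (dst_model, rtable_model and their fields are assumptions made for illustration) show why a dst-sized stack temporary is too small for a consumer that reads route fields, and why a temporary of the full route type is in bounds.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for struct dst_entry / struct rtable (hypothetical fields). */
struct dst_model { unsigned long flags; void *ops; };
struct rtable_model {
    struct dst_model dst;     /* first member, so a dst pointer can be cast to the route */
    unsigned int route_flags; /* route-only fields live past the end of dst */
    unsigned int route_mtu;
};

/* Does a read of len bytes at offset off stay inside an object of obj_size bytes? */
static int read_in_bounds(size_t obj_size, size_t off, size_t len)
{
    return off <= obj_size && len <= obj_size - off;
}

/* Consumer in the style of the fragmentation path: it is handed a dst pointer
 * and reads a route-only field. backing_size is the real size of the object
 * behind the pointer; the kernel has no such check, KASAN reports the read. */
static unsigned int consumer_read_mtu(const struct dst_model *dst,
                                      size_t backing_size, int *ok)
{
    size_t off = offsetof(struct rtable_model, route_mtu);
    unsigned int v = 0;
    *ok = read_in_bounds(backing_size, off, sizeof v);
    if (*ok)
        memcpy(&v, (const unsigned char *)dst + off, sizeof v);
    return v;
}

/* Pre-fix pattern: the stack temporary is only a dst. Returns 0 (out of bounds). */
int vulnerable_pattern_ok(void)
{
    struct dst_model tmp = {0};
    int ok;
    consumer_read_mtu(&tmp, sizeof tmp, &ok);
    return ok;
}

/* Fixed pattern: the temporary is the full route; its embedded dst is passed on. */
int fixed_pattern_ok(unsigned int *mtu_out)
{
    struct rtable_model tmp = {0};
    int ok;
    tmp.route_mtu = 1500; /* constructed sample value */
    *mtu_out = consumer_read_mtu(&tmp.dst, sizeof tmp, &ok);
    return ok;
}
```
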
Recommendations

To resolve the issue, update the Linux kernel to a version that includes the fix for the stack out-of-bounds read in ip_do_fragment. As a temporary workaround, consider disabling the ovs_fragment function until a patch is available. Restrict access to the vulnerable openvswitch module to minimize the risk of exploitation. Avoid using the ip_do_fragment function in the affected API endpoint until the issue is resolved.

Weakness Enumeration

Out of bounds Read

Related Identifiers

BDU:2025-00824
CVE-2021-46955
OESA-2024-1345
OESA-2024-1346
OPENSUSE-SU-2024_1642-1
OPENSUSE-SU-2024_3651-1
OPENSUSE-SU-2024_3652-1
OPENSUSE-SU-2024_3798-1
OPENSUSE-SU-2024_3814-1
OPENSUSE-SU-2024_4256-1
OPENSUSE-SU-2024_4264-1
OPENSUSE-SU-2025_0101-1
OPENSUSE-SU-2025_0106-1
OPENSUSE-SU-2025_0240-1
OPENSUSE-SU-2025_0244-1
SUSE-SU-2024:1642-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1645-1
SUSE-SU-2024:1650-1
SUSE-SU-2024:1983-1
SUSE-SU-2024:2109-1
SUSE-SU-2024:2115-1
SUSE-SU-2024:2120-1
SUSE-SU-2024:2121-1
SUSE-SU-2024:2123-1
SUSE-SU-2024:2124-1
SUSE-SU-2024:2130-1
SUSE-SU-2024:2139-1
SUSE-SU-2024:2143-1
SUSE-SU-2024:2145-1
SUSE-SU-2024:2147-1
SUSE-SU-2024:2148-1
SUSE-SU-2024:2184-1
SUSE-SU-2024:2202-1
SUSE-SU-2024:2343-1
SUSE-SU-2024:2344-1
SUSE-SU-2024:2357-1
SUSE-SU-2024:2373-1
SUSE-SU-2024:2558-1
SUSE-SU-2024:2559-1
SUSE-SU-2024:2740-1
SUSE-SU-2024:2755-1
SUSE-SU-2024:2758-1
SUSE-SU-2024:2773-1
SUSE-SU-2024:2821-1
SUSE-SU-2024:2822-1
SUSE-SU-2024:3015-1
SUSE-SU-2024:3034-1
SUSE-SU-2024:3037-1
SUSE-SU-2024:3043-1
SUSE-SU-2024:3044-1
SUSE-SU-2024:3048-1
SUSE-SU-2024:3642-1
SUSE-SU-2024:3649-1
SUSE-SU-2024:3651-1
SUSE-SU-2024:3652-1
SUSE-SU-2024:3662-1
SUSE-SU-2024:3663-1
SUSE-SU-2024:3796-1
SUSE-SU-2024:3798-1
SUSE-SU-2024:3803-1
SUSE-SU-2024:3814-1
SUSE-SU-2024:3820-1
SUSE-SU-2024:3821-1
SUSE-SU-2024:4226-1
SUSE-SU-2024:4242-1
SUSE-SU-2024:4249-1
SUSE-SU-2024:4256-1
SUSE-SU-2024:4263-1
SUSE-SU-2024:4264-1
SUSE-SU-2024_1642-1
SUSE-SU-2024_1650-1
SUSE-SU-2025:0091-1
SUSE-SU-2025:0101-1
SUSE-SU-2025:0103-1
SUSE-SU-2025:0106-1
SUSE-SU-2025:0240-1
SUSE-SU-2025:0244-1
USN-6739-1

Affected Products

Astra Linux
Linux Kernel
Suse
Ubuntu