PT-2024-11186 · Linux+1 · Linux Kernel+1
Published: 2021-05-25 · Updated: 2024-08-19
CVE-2021-47136
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.12.0-rc7+
Description
The issue arises because the function skb_ext_add() does not initialize the skb extension it creates, leaving initialization to the caller. Originally, the TC_SKB_EXT extension contained only a single value, tc_skb_ext->chain, and its users would assign the chain value without first setting the whole extension memory to zero. However, when TC_SKB_EXT was extended with additional fields, not all users were updated to initialize these new fields, leading to the use of uninitialized memory. This is evident from the UBSAN log, which reports an invalid load in net/openvswitch/flow.c of a value that is not valid for type _Bool. The vulnerability is related to the use of uninitialized memory, which can lead to unpredictable behavior.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that the skb_ext_add() function properly initializes the skb extension to prevent the use of uninitialized memory. As a temporary workaround, consider disabling the skb_ext_add() function or restricting its use until a patch is available. However, since the provided information does not specify a fixed version, it is crucial to monitor official Linux kernel updates and apply the patch as soon as it becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Use of Uninitialized Resource
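The uninitialized-field pattern from the Description, modelled in user-space C as an added example (not kernel code and not the upstream patch). The names ext_model, mru, flag, ext_add_model and STALE_BYTE are illustrative assumptions, and zeroing in the caller is shown as one way to close the gap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the extension. `chain` is the original field; `mru`
 * and `flag` stand in for fields added later (illustrative names). */
struct ext_model {
    uint32_t chain;
    uint16_t mru;
    uint8_t  flag; /* a bool in real code; a byte here so reading garbage is defined */
};

#define STALE_BYTE 0x6b /* constructed value standing for leftover allocator contents */
static struct ext_model slot;

/* Models an add() that returns storage without initializing it. */
static struct ext_model *ext_add_model(void) {
    memset(&slot, STALE_BYTE, sizeof(slot));
    return &slot;
}

/* Caller written when only `chain` existed: newer fields keep stale bytes. */
static struct ext_model *set_chain_legacy(uint32_t chain) {
    struct ext_model *e = ext_add_model();
    e->chain = chain;
    return e;
}

/* Hardened caller: zero the whole extension, then set the known field. */
static struct ext_model *set_chain_zeroed(uint32_t chain) {
    struct ext_model *e = ext_add_model();
    memset(e, 0, sizeof(*e));
    e->chain = chain;
    return e;
}

/* Reader-side sanity check: a boolean field may only hold 0 or 1. */
static int flag_is_valid_bool(const struct ext_model *e) {
    return e->flag <= 1;
}

int main(void) {
    printf("legacy flag valid: %d\n", flag_is_valid_bool(set_chain_legacy(5)));
    printf("zeroed flag valid: %d\n", flag_is_valid_bool(set_chain_zeroed(5)));
    return 0;
}
```

The legacy caller leaves the later-added boolean holding a stale byte, the same class of value the UBSAN report flags as invalid for _Bool.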
Related Identifiers
Affected Products
Linux Kernel
Suse