CVE-2021-47223

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.13

Description The issue is related to a null pointer dereference in the Linux kernel's bridge tunnel due to lockless access in the tunnel egress path. When a VLAN tunnel is deleted, the tunnel dst pointer is set to NULL without waiting for a grace period, and packets egressing are dereferencing it without checking. The patch fixes this by using READ/WRITE ONCE to annotate the lockless use of tunnel id and RCU for accessing tunnel dst, ensuring it is read only once and checked in the egress path.

Recommendations To resolve the issue, upgrade the Linux kernel to version 5.12.13 or later. As a temporary workaround, consider disabling the VLAN tunnel functionality until a patch is available. Restrict access to the vulnerable tunnel dst pointer to minimize the risk of exploitation. Avoid using the tunnel id variable in the affected code path until the issue is resolved.