PT-2024-11250 · Linux · Linux Kernel

Maxim Mikityanskiy · Published 2021-06-10 · Updated 2024-12-30 · CVE-2021-47243

CVSS v3.1: 7.1 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The TCP option parser in the Linux kernel's cake qdisc could read one byte out of bounds when parsing TCP options and headers. When the length is 1, the execution flow reads the one-byte opcode; if that opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. The fix also adds doff validation in cake_get_tcphdr to avoid parsing garbage as a TCP header: if doff was smaller than 5, garbage values could be read where CAKE expected the TCP header.
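
The two checks the description refers to, shown as an added user-space illustration in C. This is not the kernel's cake code or the actual patch; the function names tcp_options_len and find_tcp_option and the sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define TCPOPT_EOL 0
#define TCPOPT_NOP 1

/* Options-area length of a TCP segment, or -1 if the header is implausible
 * (doff < 5 words, or a header longer than the buffer). */
int tcp_options_len(const uint8_t *seg, size_t seglen)
{
    if (seglen < 20)
        return -1;
    unsigned doff = seg[12] >> 4;           /* data offset in 32-bit words */
    if (doff < 5 || (size_t)doff * 4 > seglen)
        return -1;                          /* would parse garbage as TCP */
    return (int)(doff * 4 - 20);
}

/* First option of the given kind, or NULL if absent or malformed.
 * Every read is checked against the remaining length. */
const uint8_t *find_tcp_option(const uint8_t *opt, int len, uint8_t kind)
{
    while (len > 0) {
        uint8_t opcode = opt[0];
        if (opcode == TCPOPT_EOL)
            return NULL;
        if (opcode == TCPOPT_NOP) {         /* one-byte option, no size field */
            opt++; len--;
            continue;
        }
        if (len < 2)                        /* length == 1: no size byte to read */
            return NULL;
        uint8_t opsize = opt[1];
        if (opsize < 2 || opsize > len)     /* must cover kind+size and fit */
            return NULL;
        if (opcode == kind)
            return opt;
        opt += opsize; len -= opsize;
    }
    return NULL;
}

/* Constructed samples (not captured traffic). */
const uint8_t opts_truncated[] = { 8 };            /* lone kind byte */
const uint8_t opts_ok[] = { 1, 1, 8, 10, 0, 0, 0, 1, 0, 0, 0, 2 };
const uint8_t hdr_doff4[20] = { [12] = 0x40 };     /* doff = 4 */
const uint8_t hdr_doff8[32] = { [12] = 0x80 };     /* doff = 8 */

int main(void) { return find_tcp_option(opts_truncated, 1, 8) != NULL; }
```
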
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Out-of-bounds Read

Related Identifiers

BDU:2025-07334
CVE-2021-47243

Affected Products

Astra Linux
Linux Kernel