CVE-2021-47309

Name of the Vulnerable Software and Affected Versions Linux kernel version 5.13.0+

Description The issue arises from the skb tunnel info() function returning a pointer of lwtstate->data as ip tunnel info type without validation. lwtstate->data can have various types, such as mpls iptunnel encap, which are not compatible with ip tunnel info. This leads to a slab-out-of-bounds error in vxlan get route(). The error is identified by the KASAN (Kernel Address Sanitizer) with a read of size 2 at a specific address by the task ping. The call trace includes functions like dump stack lvl, print address description, vxlan get route, vxlan xmit one, vxlan xmit, dev hard start xmit, dev queue xmit, neigh xmit, mpls xmit, lwtunnel xmit, and ip finish output2.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.