PT-2024-11360 · Linux+2 · Linux Kernel+2

Ido Schimmel · Published 2021-09-20 · Updated 2024-12-26 · CVE-2021-47363

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.14.0-custom-10271-ga86eb53057fe

Description

A division by zero error occurs when the data path sees a resilient nexthop group with zero buckets. The resilient nexthop group torture tests in fib_nexthop.sh exposed this issue. The tests replace a resilient nexthop group in a loop while traffic is forwarded through it, resulting in the kernel allocating a stub resilient table with zero buckets. This table should never be visible to the data path, but the old nexthop group might still be used by the data path when the stub table is assigned to it. The fix involves only assigning the stub table to the old nexthop group after making sure the group is no longer used by the data path.

Recommendations

To resolve this issue, update the Linux kernel to a version that includes the fix for the division by zero error when replacing a resilient group. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Divide By Zero


Weakness Enumeration

Related Identifiers

BDU:2025-07516
CVE-2021-47363
OPENSUSE-SU-2024_2189-1
SUSE-SU-2024:2008-1
SUSE-SU-2024:2011-1
SUSE-SU-2024:2019-1
SUSE-SU-2024:2189-1
SUSE-SU-2024:2190-1

Affected Products

Astra Linux
Linux Kernel
Suse