PT-2024-11404 · Linux+6 · Linux Kernel+6

Syzbot

Published

2021-09-17

Updated

2024-11-01

CVE-2021-47408

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The vulnerability is related to the netfilter conntrack module in the Linux kernel. Syzbot was able to trigger a warning by running two scripts in parallel, changing conntrack hash sizes. This caused the nf ct iterate cleanup() function to restart every time a resize happened, leading to a delay of over 5 minutes for net namespace structures to be cleaned up. The patch adds a mutex to serialize hash resizes and cleanups, making get next corpse() faster by skipping over empty buckets. This patch also speeds up network namespace dismantles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667

Related Identifiers

ALSA-2024:5101

ALSA-2024:5102

BDU:2025-14332

CESA-2024_5101

CESA-2024_5102

CVE-2021-47408

INFSA-2024_5101

INFSA-2024_5102

OESA-2024-1692

OPENSUSE-SU-2024_2189-1

RHSA-2024:5101

RHSA-2024:5102

RHSA-2024_5101

RHSA-2024_5102

RLSA-2024:5101

RLSA-2024:5102

RXSA-2024:5101

SUSE-SU-2024:2008-1

SUSE-SU-2024:2011-1

SUSE-SU-2024:2019-1

SUSE-SU-2024:2189-1

SUSE-SU-2024:2190-1

SUSE-SU-2024:3566-1

Affected Products

Almalinux

Astra Linux

Centos

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2024-11404 · Linux+6 · Linux Kernel+6

CVE-2021-47408

Weakness Enumeration

Related Identifiers

Affected Products

References · 2001