CVE-2021-47546

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel has a memory leak issue when a fib rule is present in IPv6 nftables firewall rules and a suppress prefix rule is present in the IPv6 routing rules. This leads to a memory leak in the ip6 dst cache slab cache with every incoming IPv6 packet. The problem arises from the generic args->flags always having FIB LOOKUP NOREF set, but the IPv6-specific flag RT6 LOOKUP F DST NOREF might not be, resulting in fib6 rule suppress not decreasing the refcount when needed.

To reproduce the issue, add a specific nftables rule to a prerouting chain and run a command to add a suppress prefix rule to the IPv6 routing rules. Then, monitor the memory usage of the ip6 dst cache slab cache to see it increase with every incoming IPv6 packet.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.