CVE-2021-47572

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc1+ #446

Description The Linux kernel has a vulnerability that can cause a null pointer dereference when IPv6 is not enabled. This occurs when trying to add an IPv6 nexthop, resulting in a call to ipv6 stub->fib6 nh release in the error path of nh create ipv6(). The bug has been present since the beginning of IPv6 nexthop gateway support. To fix this, the dummy stub's -EAFNOSUPPORT error should be returned directly without calling ipv6 stub->fib6 nh release in nh create ipv6()'s error path.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 5.16.0-rc1+ #446 are affected. As a temporary workaround, consider disabling the nh create ipv6() function until a patch is available. However, this may have unintended consequences and should be approached with caution.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.