CVE-2021-47597

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.16.0-rc3-syzkaller

Description A kernel-infoleak vulnerability has been reported in the Linux kernel, specifically in the UDP sockets. This vulnerability can be exploited by unprivileged users. The issue arises from the fact that UDP was not initializing the r->idiag expires variable, which could lead to a kernel-infoleak. Other users of inet sk diag fill() might make the same mistake in the future, so the fix has been applied to inet sk diag fill(). The vulnerability can be exploited through the netlink recvmsg() function, which can lead to unauthorized access to sensitive kernel information.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 5.16.0-rc3-syzkaller. As a temporary workaround, consider disabling the inet sk diag fill() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation.