PT-2024-2977 · Linux+1 · Linux Kernel+1
Jonathon Reinhart
·
Published
2024-02-27
·
Updated
2024-04-22
·
CVE-2021-46912
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to the Linux kernel, where
tcp allowed congestion control is global and writable, allowing writes to it in any net namespace to leak into all other net namespaces. This is because tcp available congestion control and tcp allowed congestion control are the only sysctls in ipv4 net table with a NULL data pointer, and their handlers have no other way of referencing a struct net, thus operating globally. The intent of the commit was only to know which congestion algorithms are available or allowed, and making these entries read-only should be sufficient.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel
Red Os