{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-47245", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.533Z", "datePublished": "2024-05-21T14:19:43.648Z", "dateUpdated": "2024-12-19T07:38:08.289Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:38:08.289Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_synproxy_core.c"], "versions": [{"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "576c1526b4d83c44ad7b673cb841f36cbc6cb6c4", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "674b5f0c6a4fc5d3abce877048290cea6091fcb1", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "7d9a9a1a88a3da574e019b4de756bc73337b3b0b", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "6defc77d48eff74075b80ad5925061b2fc010d98", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "9cdf299ba4e153b5e56187648420de22c6216f02", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "f648089337cb8ed40b2bb96e244f72b9d97dc96b", "status": "affected", "versionType": "git"}, {"version": "48b1de4c110a7afa4b85862f6c75af817db26fad", "lessThan": "5fc177ab759418c9537433e63301096e733fb915", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_synproxy_core.c"], "versions": [{"version": "3.12", "status": "affected"}, {"version": "0", "lessThan": "3.12", "status": "unaffected", "versionType": "semver"}, {"version": "4.4.274", "lessThanOrEqual": "4.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.9.274", "lessThanOrEqual": "4.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.14.238", "lessThanOrEqual": "4.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "4.19.196", "lessThanOrEqual": "4.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.128", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.46", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.13", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8"}, {"url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4"}, {"url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1"}, {"url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b"}, {"url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98"}, {"url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02"}, {"url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b"}, {"url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915"}], "title": "netfilter: synproxy: Fix out of bounds when parsing TCP options", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T18:09:52.562711Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:13:37.955Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.394Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:07.394Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47245", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-23T18:09:52.562711Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T18:09:57.179Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "netfilter: synproxy: Fix out of bounds when parsing TCP options", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "48b1de4c110a", "lessThan": "e1eb98cfeafd", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "576c1526b4d8", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "674b5f0c6a4f", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "7d9a9a1a88a3", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "6defc77d48ef", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "9cdf299ba4e1", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "f648089337cb", "versionType": "git"}, {"status": "affected", "version": "48b1de4c110a", "lessThan": "5fc177ab7594", "versionType": "git"}], "programFiles": ["net/netfilter/nf_synproxy_core.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "3.12"}, {"status": "unaffected", "version": "0", "lessThan": "3.12", "versionType": "semver"}, {"status": "unaffected", "version": "4.4.274", "versionType": "semver", "lessThanOrEqual": "4.4.*"}, {"status": "unaffected", "version": "4.9.274", "versionType": "semver", "lessThanOrEqual": "4.9.*"}, {"status": "unaffected", "version": "4.14.238", "versionType": "semver", "lessThanOrEqual": "4.14.*"}, {"status": "unaffected", "version": "4.19.196", "versionType": "semver", "lessThanOrEqual": "4.19.*"}, {"status": "unaffected", "version": "5.4.128", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.46", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.13", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nf_synproxy_core.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8"}, {"url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4"}, {"url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1"}, {"url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b"}, {"url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98"}, {"url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02"}, {"url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b"}, {"url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-04T12:02:12.520Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47245", "state": "PUBLISHED", "dateUpdated": "2024-11-04T12:02:12.520Z", "dateReserved": "2024-04-10T18:59:19.533Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:19:43.648Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DCDAEC4-D25F-4160-B3C9-A7E204F7DA2A", "versionEndExcluding": "4.4.274", "versionStartIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A84D5BC-006F-41C5-A54D-6D45236009B3", "versionEndExcluding": "4.9.274", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3C0DBBF-0923-4D2A-9178-134691F9933F", "versionEndExcluding": "4.14.238", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3CAB837-7D38-4934-AD4F-195CEFD754E6", "versionEndExcluding": "4.19.196", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6267BD4E-BE25-48B5-B850-4B493440DAFA", "versionEndExcluding": "5.4.128", "versionStartIncluding": "4.20", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "59455D13-A902-42E1-97F7-5ED579777193", "versionEndExcluding": "5.10.46", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7806E7E5-6D4F-4E18-81C1-79B3C60EE855", "versionEndExcluding": "5.12.13", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*", "matchCriteriaId": "DA610E30-717C-4700-9F77-A3C9244F3BFD", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*", "matchCriteriaId": "1ECD33F5-85BE-430B-8F86-8D7BD560311D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:*", "matchCriteriaId": "CF351855-2437-4CF5-AD7C-BDFA51F27683", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:*", "matchCriteriaId": "25A855BA-2118-44F2-90EF-EBBB12AF51EF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: synproxy: correcci\u00f3n de l\u00edmites al analizar opciones TCP. El analizador de opciones TCP en synproxy (synproxy_parse_options) podr\u00eda leer un byte fuera de los l\u00edmites. Cuando la longitud es 1, el flujo de ejecuci\u00f3n entra en el bucle, lee un byte del c\u00f3digo de operaci\u00f3n y, si el c\u00f3digo de operaci\u00f3n no es TCPOPT_EOL ni TCPOPT_NOP, lee un byte m\u00e1s, que excede la longitud de 1. Esta soluci\u00f3n est\u00e1 inspirada en la confirmaci\u00f3n. 9609dad263f8 (\"ipv4: tcp_input: corrige la pila fuera de los l\u00edmites al analizar las opciones de TCP\"). Cambios en v2: se agreg\u00f3 un retorno anticipado cuando la longitud &lt;0 para evitar llamar a skb_header_pointer con una longitud negativa."}], "id": "CVE-2021-47245", "lastModified": "2024-12-30T19:03:58.273", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:13.550", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: synproxy: Fix out of bounds when parsing TCP options", "id": "2282568", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282568"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\nv2 changes:\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length.", "A vulnerability was found in the Linux kernel's netfilter system, in the synproxy TCP option parser. This issue allows the parser to read one byte beyond its intended limit when processing TCP options, which could lead to unexpected behavior or crash."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47245", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47245\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47245\nhttps://lore.kernel.org/linux-cve-announce/2024052143-CVE-2021-47245-13d9@gregkh/T"], "statement": "This vulnerability is rated as a moderate severity because it requires certain conditions for exploitation to disrupt network communications or cause denial of service.", "threat_severity": "Moderate", "upstream_fix": "kernel 4.4.274, kernel 4.9.274, kernel 4.14.238, kernel 4.19.196, kernel 5.4.128, kernel 5.10.46, kernel 5.12.13, kernel 5.13"}