VDB

CISA-2021-47245

CISA-2021-47245 PUBLISHED

Reported by Linux · Published May 21, 2024

In the Linux kernel, the following vulnerability has been resolved: netfilter: synproxy: Fix out of bounds when parsing TCP options The TCP option parser in synproxy (synproxy_parse_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP options."). v2 changes: Added an early return when length < 0 to avoid calling skb_header_pointer with negative length.

Affected Products

VendorProductVersions
LinuxLinux48b1de4c110a, 48b1de4c110a, 48b1de4c110a
LinuxLinux3.12, 0, 4.4.274
LinuxLinux48b1de4c110a, 48b1de4c110a, 48b1de4c110a

Timeline

  • May 21, 2024 CVE Published
  • Nov 4, 2024 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›