CVE-2021-46283 — Vulnetix

CVE-2021-46283 PUBLISHED CVSS 5.5 MEDIUM

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

EPSS 0.04% · 12.4th percentile

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.04%

12.4th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	0
n/a	n/a	n/a

Exploit Intelligence

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13 (circl)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9f151e560b016b6ad3280b48e42fa11e1a5440 (circl)
https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345 (circl)

Timeline

Jan 11, 2022 CVE Published
Jan 12, 2022 EPSS Score
Mar 6, 2022 EPSS Score
Apr 29, 2022 EPSS Score
Jun 21, 2022 EPSS Score
Aug 15, 2022 EPSS Score
Oct 7, 2022 EPSS Score
Nov 29, 2022 EPSS Score
Jan 22, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 16, 2023 EPSS Score
May 8, 2023 EPSS Score

References

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13 url
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad9f151e560b016b6ad3280b48e42fa11e1a5440 url
https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345 url
https://www.suse.com/support/update/announcement/2022/suse-su-20220181-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220169-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220289-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220288-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220293-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220291-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220295-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220292-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220296-1/ advisory
https://www.suse.com/support/update/announcement/2022/suse-su-20220298-1/ advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-46283 advisory

Open in Interactive Console →