VDB
DEBIAN-CVE-2021-47293
DEBIAN-CVE-2021-47293
PUBLISHED
CVSS 7.800000190734863 HIGH
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add dev vcan0 type vcan $ ip link set up vcan0 $ tc qdisc add dev vcan0 root handle 1: htb $ tc filter add dev vcan0 parent 1: protocol ip prio 10 \ matchall action skbmod swap mac Doing the above silently corrupts all the packets. Do not perform skbmod actions for non-Ethernet packets.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 0, 0, 0 |
| Debian:13 | linux | 0, 0, 0 |
| Debian:11 | linux | 5.10.70-1~bpo10+1, 0, 5.10.46-4 |
| Debian:14 | linux | 0, 0, 0 |
Timeline
- May 21, 2024 CVE Published
- Apr 28, 2026 CVE Updated