Security tracker / CVE-2021-47036

CVE-2021-47036

udp: skip L4 aggregation for UDP tunnel packets

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.")
 carnil> 36707061d6ba ("udp: allow forwarding of plain (non-fraglisted) UDP GRO
 carnil> packets"). Vulnerable versions: 5.6-rc1 5.12-rc1.

Bugs

Status

Branch	Status
upstream	released (5.13-rc1) [18f25dc399901426dff61e676ba603ff52c666f7]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.7-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
5.10-upstream-stable	needed
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	released (5.14.6-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	N/A "Fixed before branching point"
5.10-bullseye-security	needed
4.19-buster-security	N/A "Vulnerable code not present"