Security tracker / CVE-2021-47452

CVE-2021-47452

netfilter: nf_tables: skip netdev events generated on netns removal

References

• Debian security tracker
• cve.org

Notes

 carnil> Introduced in 767d1216bff825 ("netfilter: nftables: fix possible UAF over
 carnil> chains from packet path in netns"). Vulnerable versions: 5.4.99 5.10.17 5.11.

Bugs

Status

Branch	Status
upstream	released (5.15-rc7) [68a3765c659f809dcaac20030853a054646eb739]
6.18-upstream-stable	N/A "Fixed before branching point"
6.17-upstream-stable	N/A "Fixed before branching point"
6.12-upstream-stable	N/A "Fixed before branching point"
6.8-upstream-stable	N/A "Fixed before branching point"
6.6-upstream-stable	N/A "Fixed before branching point"
6.1-upstream-stable	N/A "Fixed before branching point"
5.10-upstream-stable	needed
4.19-upstream-stable	N/A "Vulnerable code not present"
sid	released (5.14.16-1)
6.12-trixie-security	N/A "Fixed before branching point"
6.1-bookworm-security	N/A "Fixed before branching point"
5.10-bullseye-security	needed
4.19-buster-security	N/A "Vulnerable code not present"