CVE-2021-47291 Affecting kernel-rt-kvm package, versions *
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRTKVM-7112530
- published 24 May 2024
- disclosed 21 May 2024
How to fix?
There is no fixed version for Centos:7 kernel-rt-kvm.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-kvm package and not the kernel-rt-kvm package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions
While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79fe46 ("ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions").
We additionally need to take care of fib6_metrics initialization failure when the caller provides an nh.
The fix is similar, explicitly free the route instead of calling fib6_info_release on a half-initialized object.
References
- https://access.redhat.com/security/cve/CVE-2021-47291
- https://git.kernel.org/stable/c/115784bcccf135c3a3548098153413d76f16aae0
- https://git.kernel.org/stable/c/830251361425c5be044db4d826aaf304ea3d14c6
- https://git.kernel.org/stable/c/8fb4792f091e608a0a1d353dfdf07ef55a719db5
- https://git.kernel.org/stable/c/ce8fafb68051fba52546f8bbe8621f7641683680