CVE-2021-38209
openSUSE Security Advisory - openSUSE-SU-2021:3205-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.
El archivo net/netfilter/nf_conntrack_standalone.c en el kernel de Linux versiones anteriores a 5.12.2, permite la observación de cambios en cualquier espacio de nombres de red porque estos cambios son filtrados a todos los demás espacios de nombres de red. Esto está relacionado con los sysctls NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX y NF_SYSCTL_CT_BUCKETS
An update that solves 20 vulnerabilities and has 107 fixes is now available. The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bug fixes.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-08-08 CVE Reserved
- 2021-08-08 CVE Published
- 2024-08-04 CVE Updated
- 2025-11-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.2 | 2021-08-12 | |
| https://github.com/torvalds/linux/commit/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6 | 2021-08-12 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.12.2 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.2" | - |
Affected
| ||||||