CVE-2021-47010
net: Only allow init netns to set default tcp cong to a restricted algo
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
net: Only allow init netns to set default tcp cong to a restricted algo
tcp_set_default_congestion_control() is netns-safe in that it writes
to &net->ipv4.tcp_congestion_control, but it also sets
ca->flags |= TCP_CONG_NON_RESTRICTED which is not namespaced.
This has the unintended side-effect of changing the global
net.ipv4.tcp_allowed_congestion_control sysctl, despite the fact that it
is read-only: 97684f0970f6 ("net: Make tcp_allowed_congestion_control
readonly in non-init netns")
Resolve this netns "leak" by only allowing the init netns to set the
default algorithm to one that is restricted. This restriction could be
removed if tcp_allowed_congestion_control were namespace-ified in the
future.
This bug was uncovered with
https://github.com/JonathonReinhart/linux-netns-sysctl-verify
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: solo permite que init netns establezca la cong tcp predeterminada en un algoritmo restringido tcp_set_default_congestion_control() es seguro para netns porque escribe en &net->ipv4.tcp_congestion_control, pero también establece ca->flags |= TCP_CONG_NON_RESTRICTED que no tiene espacio de nombres. Esto tiene el efecto secundario no deseado de cambiar el sistema global net.ipv4.tcp_allowed_congestion_control, a pesar de que es de solo lectura: 97684f0970f6 ("net: Make tcp_allowed_congestion_control readonly in non-init netns") Resuelva esta "fuga" de netns solo permite que las redes de inicio establezcan el algoritmo predeterminado en uno restringido. Esta restricción podría eliminarse si tcp_allowed_congestion_control tuviera un espacio de nombres en el futuro. Este error se descubrió con https://github.com/JonathonReinhart/linux-netns-sysctl-verify
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2024-02-27 CVE Reserved
- 2024-02-28 CVE Published
- 2024-02-29 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/6670e152447732ba90626f36dfc015a13fbf150e | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 4.19.191 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 4.19.191" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 5.4.119 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.4.119" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 5.10.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.10.37" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 5.11.21 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.11.21" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 5.12.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.12.4" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 4.15 < 5.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.15 < 5.13" | en |
Affected
| ||||||