Vulnerability Description
nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 5.12.13 |
Related Weaknesses (CWE)
References
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13 (Release Notes, Vendor Advisory)
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ad (Patch, Vendor Advisory)
- https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345 (Third Party Advisory)
FAQ
What is CVE-2021-46283?
CVE-2021-46283 is a vulnerability with a CVSS score of 5.5 (MEDIUM). nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of ...
How severe is CVE-2021-46283?
CVE-2021-46283 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-46283?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.