Add CVE-2021-46283

author: Salvatore Bonaccorso <carnil@debian.org> 2022-01-12 09:29:55 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2022-01-12 09:29:55 +0100
commit: 48a64abf7be2e19f3a352cee4836a83a6b258a59 (patch)
tree: e1352262634822c81628c0972df09d89b32754a8
parent: 4982f14166d2bbd94f8712b246722881ba409e50 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/active/CVE-2021-46283 b/active/CVE-2021-46283
new file mode 100644
index 00000000..15525565
--- /dev/null
+++ b/active/CVE-2021-46283
@@ -0,0 +1,16 @@
+Description: netfilter: nf_tables: initialize set before expression setup
+References:
+ https://bugzilla.suse.com/show_bug.cgi?id=1194518
+ https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345
+Notes:
+ carnil> Commit fixes 65038428b2c6 ("netfilter: nf_tables: allow to
+ carnil> specify stateful expression in set definition") in 5.7-rc1.
+Bugs:
+upstream: released (5.13-rc7) [ad9f151e560b016b6ad3280b48e42fa11e1a5440]
+5.10-upstream-stable: released (5.10.64) [36983fc2f87ea3b74a33bf460c9ee7329735b7b5]
+4.19-upstream-stable: N/A "Vulnerable code not present"
+4.9-upstream-stable: N/A "Vulnerable code not present"
+sid: released (5.14.6-1)
+5.10-bullseye-security: released (5.10.70-1)
+4.19-buster-security: N/A "Vulnerable code not present"
+4.9-stretch-security: N/A "Vulnerable code not present"
author	Salvatore Bonaccorso <carnil@debian.org>	2022-01-12 09:29:55 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2022-01-12 09:29:55 +0100
commit	48a64abf7be2e19f3a352cee4836a83a6b258a59 (patch)
tree	e1352262634822c81628c0972df09d89b32754a8
parent	4982f14166d2bbd94f8712b246722881ba409e50 (diff)