Add CVE-2021-3892

author: Salvatore Bonaccorso <carnil@debian.org> 2021-10-29 08:57:18 +0200
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-10-29 08:57:18 +0200
commit: 57a69365b01d368b0cff111429eb2df1ac085f4c (patch)
tree: 00ff3c83ff50dfd49b7cc8fbb1db7ea52d1b45fc /active/CVE-2021-3892
parent: 39f36cb382de407a8801fe1506da6425774809ad (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/active/CVE-2021-3892 b/active/CVE-2021-3892
new file mode 100644
index 00000000..96a054da
--- /dev/null
+++ b/active/CVE-2021-3892
@@ -0,0 +1,20 @@
+Description: memory leak in fib6_rule_suppress could result in DoS
+References:
+ https://bugzilla.redhat.com/show_bug.cgi?id=2014623
+ https://bugzilla.redhat.com/show_bug.cgi?id=2008123
+Notes:
+ carnil> At time of writing only limited information provided by Red
+ carnil> Hat: "The kernel leaks memory when firewalld IPv6_rpfilter is
+ carnil> enabled and a suppress_prefix rule is present in the IPv6
+ carnil> routing rules (used by certain tools such as wg-quick). In such
+ carnil> scenarios, every incoming packet will leak an allocation in
+ carnil> ip6_dst_cache slab cache."
+Bugs:
+upstream:
+5.10-upstream-stable:
+4.19-upstream-stable:
+4.9-upstream-stable:
+sid:
+5.10-bullseye-security:
+4.19-buster-security:
+4.9-stretch-security:
author	Salvatore Bonaccorso <carnil@debian.org>	2021-10-29 08:57:18 +0200
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-10-29 08:57:18 +0200
commit	57a69365b01d368b0cff111429eb2df1ac085f4c (patch)
tree	00ff3c83ff50dfd49b7cc8fbb1db7ea52d1b45fc /active/CVE-2021-3892
parent	39f36cb382de407a8801fe1506da6425774809ad (diff)