active/CVE-2021-4135


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2026786
Notes:
 carnil> Commit fixes 395cacb5f1a0 ("netdevsim: bpf: support fake map
 carnil> offload") in 4.16-rc1.
 carnil> Fixed as well in 5.15.11 for 5.15.y.
Bugs:
upstream: released (5.16-rc6) [481221775d53d6215a6e5e9ce1cce6d2b4ab9a46]
5.10-upstream-stable: released (5.10.88) [1a34fb9e2bf3029f7c0882069d67ff69cbd645d8]
4.19-upstream-stable: released (4.19.222) [d861443c4dc88650eed113310d933bd593d37b23]
4.9-upstream-stable: N/A "Vulnerable code introduced later"
sid: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
4.9-stretch-security: N/A "Vulnerable code introduced later"