high
8.3
CWE
787
Advisory Published
CVE Published
CVE Published
Updated

CVE-2021-22555: Heap Out-Of-Bounds Write in Netfilter IP6T_SO_SET_REPLACE

First published: Sun Jul 04 2021(Updated: )

A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.

Credit: cve-coordination@google.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:3.10.0-1160.41.1.rt56.1181.el7
0:3.10.0-1160.41.1.rt56.1181.el7
redhat/kernel<0:3.10.0-1160.41.1.el7
0:3.10.0-1160.41.1.el7
redhat/kernel<0:3.10.0-327.100.1.el7
0:3.10.0-327.100.1.el7
redhat/kernel<0:3.10.0-514.92.1.el7
0:3.10.0-514.92.1.el7
redhat/kernel<0:3.10.0-693.94.1.el7
0:3.10.0-693.94.1.el7
redhat/kernel<0:3.10.0-957.84.1.el7
0:3.10.0-957.84.1.el7
redhat/kernel<0:3.10.0-1062.56.1.el7
0:3.10.0-1062.56.1.el7
redhat/kernel-rt<0:4.18.0-305.12.1.rt7.84.el8_4
0:4.18.0-305.12.1.rt7.84.el8_4
redhat/kernel<0:4.18.0-305.12.1.el8_4
0:4.18.0-305.12.1.el8_4
redhat/kernel<0:4.18.0-147.52.1.el8_1
0:4.18.0-147.52.1.el8_1
redhat/kernel-rt<0:4.18.0-193.64.1.rt13.115.el8_2
0:4.18.0-193.64.1.rt13.115.el8_2
redhat/kernel<0:4.18.0-193.64.1.el8_2
0:4.18.0-193.64.1.el8_2
redhat/redhat-virtualization-host<0:4.3.18-20210903.0.el7_9
0:4.3.18-20210903.0.el7_9
redhat/redhat-virtualization-host<0:4.4.7-20210804.0.el8_4
0:4.4.7-20210804.0.el8_4
Linux Linux kernel>=2.6.19<4.4.267
Linux Linux kernel>=4.5<4.9.267
Linux Linux kernel>=4.10<4.14.231
Linux Linux kernel>=4.15<4.19.188
Linux Linux kernel>=4.20<5.4.113
Linux Linux kernel>=5.5<5.10.31
Linux Linux kernel>=5.11<5.12
Brocade Fabric Operating System
Netapp Fas 8300 Firmware
Netapp Fas 8300
Netapp Fas 8700 Firmware
Netapp Fas 8700
Netapp Aff A400 Firmware
Netapp Aff A400
Netapp Aff A250 Firmware
Netapp Aff A250
Netapp Aff 500f Firmware
Netapp Aff 500f
Netapp H610c Firmware
Netapp H610c
Netapp H610s Firmware
Netapp H610s
Netapp H615c Firmware
Netapp H615c
Netapp Hci Management Node
Netapp Solidfire
redhat/Kernel<5.12
5.12
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d

Remedy

The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command: echo 0 > /proc/sys/user/max_user_namespaces For making this change in configuration permanent. Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable. Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory: user.max_user_namespaces = 0 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command: $ sudo sysctl --system The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2021-22555?

    CVE-2021-22555 is a heap out-of-bounds write vulnerability affecting Linux kernel since v2.6.19-rc1 in the net/netfilter/x_tables component.

  • How does CVE-2021-22555 affect the system?

    CVE-2021-22555 allows a local user to gain privileges or cause a denial-of-service (DoS) through user name space.

  • Which software versions are affected by CVE-2021-22555?

    Linux kernel versions between v2.6.19-rc1 and 5.12 are affected by CVE-2021-22555.

  • What is the severity of CVE-2021-22555?

    CVE-2021-22555 has a severity rating of 7.8 (High).

  • How can I fix CVE-2021-22555?

    To fix CVE-2021-22555, update the Linux kernel to version 5.12 or apply the appropriate patches as recommended by the vendor.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203