CVE-2021-29646 — Improper Input Validation in Kernel

CWE-20 — Improper Input Validation12 documents8 sources

Severity

5.5MEDIUMNVD

OSV7.8OSV4.4

EPSS

0.1%

top 71.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +6 more

Timeline

PublishedMar 30

Latest updateFeb 14

Description

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶NVDlinux/linux_kernel< 5.11.11

▶Debianlinux/linux_kernel< 5.10.28-1+3

▶debiandebian/linux< linux 5.10.28-1 (bookworm)

▶msrcmsrc/cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0

▶Palo Altopaloalto/pan-os

Also affects: Fedora 32, 33, 34

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-5jv2-3rr2-pc65: An issue was discovered in the Linux kernel before 5↗2022-05-24

▶

OSV

CVE-2021-29646: In tipc_nl_retrieve_key of node↗2021-10-01

▶

OSV

linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.8, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-05-11

▶

OSV

linux-oem-5.10 vulnerabilities↗2021-05-11

▶

OSV

CVE-2021-29646: An issue was discovered in the Linux kernel before 5↗2021-03-30

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-05-11

▶

Ubuntu

Linux kernel vulnerabilities↗2021-05-11

▶

Red Hat

kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c↗2021-03-15

▶

Microsoft

An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes aka CID-0217ed2848e8.↗2021-03-09

▶