CVE-2021-3635 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 65.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Fedoraproject Fedora +2 more

Timeline

PublishedAug 13

Latest updateFeb 14

Description

A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

▶NVDlinux/linux_kernel< 5.5+1

▶Debianlinux/linux_kernel< 5.4.19-1+3

▶CVEListV5linux/linux_kernelkernel 5.5-rc7

▶debiandebian/linux< linux 5.4.19-1 (bookworm)

▶Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 6.0, 7.0, 8.0, Fedora 34

🔴Vulnerability Details

OSV

CVE-2021-3635: In nft_flush_table of nf_tables_api↗2022-06-01

▶

GHSA

GHSA-3rcv-mwcm-8g8f: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5↗2022-05-24

▶

OSV

CVE-2021-3635: A flaw was found in the Linux kernel netfilter implementation in versions prior to 5↗2021-08-13

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Red Hat

kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50↗2021-08-06

▶

Debian

CVE-2021-3635: linux - A flaw was found in the Linux kernel netfilter implementation in versions prior ...↗2021

▶