cb), the receiving interface index info is lost (IP6CB(skb)->iif is set to zero). As a side effect, that condition triggers a NULL pointer dereference if commit 0857d6f8c759 ("ipv6: When forwarding count rx stats on the orig netdev") is applied. To fix that issue, we set the IP6CB(skb)->iif with the index of the receiving interface once again. "> cb),,the,receiving,interface,index,info,is,lost (IP6CB(skb)->iif,is,set,to,zero).,As,a,side,effect,,that,condition triggers,a,NULL,pointer,dereference,if,commit,0857d6f8c759,("ipv6: When,forwarding,count,rx,stats,on,the,orig,netdev"),is,applied.,To,fix that,issue,,we,set,the,IP6CB(skb)->iif,with,the,index,of,the,receiving interface,once,again. "> SecuritySpace - CVE-2021-47515
 
English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2021-47515
Description:In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510): IPCB(skb)->iif = skb->skb_iif; If that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH header, the seg6_do_srh_encap(...) performs the required encapsulation. In this case, the seg6_do_srh_encap function clears the IPv6 socket control block (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163): memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); The memset(...) was introduced in commit ef489749aae5 ("ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation") a long time ago (2019-01-29). Since the IPv6 socket control block and the IPv4 socket control block share the same memory area (skb->cb), the receiving interface index info is lost (IP6CB(skb)->iif is set to zero). As a side effect, that condition triggers a NULL pointer dereference if commit 0857d6f8c759 ("ipv6: When forwarding count rx stats on the orig netdev") is applied. To fix that issue, we set the IP6CB(skb)->iif with the index of the receiving interface once again.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2021-47515
https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e
https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e
https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831
https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831
https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1
https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1
https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c
https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c
https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3
https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3
https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9
https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9



© 1998-2025 E-Soft Inc. All rights reserved.