{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "cveId": "CVE-2021-47572",
        "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "state": "PUBLISHED",
        "assignerShortName": "Linux",
        "dateReserved": "2024-05-24T15:11:00.729Z",
        "datePublished": "2024-05-24T15:12:58.397Z",
        "dateUpdated": "2024-09-11T17:33:19.470Z"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
                "shortName": "Linux",
                "dateUpdated": "2024-05-29T05:10:22.383Z"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nexthop: fix null pointer dereference when IPv6 is not enabled\n\nWhen we try to add an IPv6 nexthop and IPv6 is not enabled\n(!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path\nof nh_create_ipv6() due to calling ipv6_stub->fib6_nh_release. The bug\nhas been present since the beginning of IPv6 nexthop gateway support.\nCommit 1aefd3de7bc6 (\"ipv6: Add fib6_nh_init and release to stubs\") tells\nus that only fib6_nh_init has a dummy stub because fib6_nh_release should\nnot be called if fib6_nh_init returns an error, but the commit below added\na call to ipv6_stub->fib6_nh_release in its error path. To fix it return\nthe dummy stub's -EAFNOSUPPORT error directly without calling\nipv6_stub->fib6_nh_release in nh_create_ipv6()'s error path.\n\n[1]\n Output is a bit truncated, but it clearly shows the error.\n BUG: kernel NULL pointer dereference, address: 000000000000000000\n #PF: supervisor instruction fetch in kernel modede\n #PF: error_code(0x0010) - not-present pagege\n PGD 0 P4D 0\n Oops: 0010 [#1] PREEMPT SMP NOPTI\n CPU: 4 PID: 638 Comm: ip Kdump: loaded Not tainted 5.16.0-rc1+ #446\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-4.fc34 04/01/2014\n RIP: 0010:0x0\n Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.\n RSP: 0018:ffff888109f5b8f0 EFLAGS: 00010286^Ac\n RAX: 0000000000000000 RBX: ffff888109f5ba28 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8881008a2860\n RBP: ffff888109f5b9d8 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff888109f5b978 R11: ffff888109f5b948 R12: 00000000ffffff9f\n R13: ffff8881008a2a80 R14: ffff8881008a2860 R15: ffff8881008a2840\n FS:  00007f98de70f100(0000) GS:ffff88822bf00000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffffffffffd6 CR3: 0000000100efc000 CR4: 00000000000006e0\n Call Trace:\n  <TASK>\n  nh_create_ipv6+0xed/0x10c\n  rtm_new_nexthop+0x6d7/0x13f3\n  ? check_preemption_disabled+0x3d/0xf2\n  ? lock_is_held_type+0xbe/0xfd\n  rtnetlink_rcv_msg+0x23f/0x26a\n  ? check_preemption_disabled+0x3d/0xf2\n  ? rtnl_calcit.isra.0+0x147/0x147\n  netlink_rcv_skb+0x61/0xb2\n  netlink_unicast+0x100/0x187\n  netlink_sendmsg+0x37f/0x3a0\n  ? netlink_unicast+0x187/0x187\n  sock_sendmsg_nosec+0x67/0x9b\n  ____sys_sendmsg+0x19d/0x1f9\n  ? copy_msghdr_from_user+0x4c/0x5e\n  ? rcu_read_lock_any_held+0x2a/0x78\n  ___sys_sendmsg+0x6c/0x8c\n  ? asm_sysvec_apic_timer_interrupt+0x12/0x20\n  ? lockdep_hardirqs_on+0xd9/0x102\n  ? sockfd_lookup_light+0x69/0x99\n  __sys_sendmsg+0x50/0x6e\n  do_syscall_64+0xcb/0xf2\n  entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f98dea28914\n Code: 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b5 0f 1f 80 00 00 00 00 48 8d 05 e9 5d 0c 00 8b 00 85 c0 75 13 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 41 54 41 89 d4 55 48 89 f5 53\n RSP: 002b:00007fff859f5e68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e2e\n RAX: ffffffffffffffda RBX: 00000000619cb810 RCX: 00007f98dea28914\n RDX: 0000000000000000 RSI: 00007fff859f5ed0 RDI: 0000000000000003\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000008\n R10: fffffffffffffce6 R11: 0000000000000246 R12: 0000000000000001\n R13: 000055c0097ae520 R14: 000055c0097957fd R15: 00007fff859f63a0\n </TASK>\n Modules linked in: bridge stp llc bonding virtio_net"
                }
            ],
            "affected": [
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "unaffected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/ipv4/nexthop.c"
                    ],
                    "versions": [
                        {
                            "version": "53010f991a9f",
                            "lessThan": "7b6f44856da5",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "53010f991a9f",
                            "lessThan": "b70ff391deee",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "53010f991a9f",
                            "lessThan": "39509d76a9a3",
                            "status": "affected",
                            "versionType": "git"
                        },
                        {
                            "version": "53010f991a9f",
                            "lessThan": "1c743127cc54",
                            "status": "affected",
                            "versionType": "git"
                        }
                    ]
                },
                {
                    "product": "Linux",
                    "vendor": "Linux",
                    "defaultStatus": "affected",
                    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
                    "programFiles": [
                        "net/ipv4/nexthop.c"
                    ],
                    "versions": [
                        {
                            "version": "5.3",
                            "status": "affected"
                        },
                        {
                            "version": "0",
                            "lessThan": "5.3",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.4.163",
                            "lessThanOrEqual": "5.4.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.10.83",
                            "lessThanOrEqual": "5.10.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.15.6",
                            "lessThanOrEqual": "5.15.*",
                            "status": "unaffected",
                            "versionType": "custom"
                        },
                        {
                            "version": "5.16",
                            "lessThanOrEqual": "*",
                            "status": "unaffected",
                            "versionType": "original_commit_for_fix"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "url": "https://git.kernel.org/stable/c/7b6f44856da5ba0b1aa61403eb9fddd272156503"
                },
                {
                    "url": "https://git.kernel.org/stable/c/b70ff391deeec35cdd8a05f5f63f5fe28bc4f225"
                },
                {
                    "url": "https://git.kernel.org/stable/c/39509d76a9a3d02f379d52cb4b1449469c56c0e0"
                },
                {
                    "url": "https://git.kernel.org/stable/c/1c743127cc54b112b155f434756bd4b5fa565a99"
                }
            ],
            "title": "net: nexthop: fix null pointer dereference when IPv6 is not enabled",
            "x_generator": {
                "engine": "bippy-a5840b7849dd"
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T05:39:59.779Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "url": "https://git.kernel.org/stable/c/7b6f44856da5ba0b1aa61403eb9fddd272156503",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/b70ff391deeec35cdd8a05f5f63f5fe28bc4f225",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/39509d76a9a3d02f379d52cb4b1449469c56c0e0",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://git.kernel.org/stable/c/1c743127cc54b112b155f434756bd4b5fa565a99",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            },
            {
                "metrics": [
                    {
                        "other": {
                            "type": "ssvc",
                            "content": {
                                "id": "CVE-2021-47572",
                                "role": "CISA Coordinator",
                                "options": [
                                    {
                                        "Exploitation": "none"
                                    },
                                    {
                                        "Automatable": "no"
                                    },
                                    {
                                        "Technical Impact": "partial"
                                    }
                                ],
                                "version": "2.0.3",
                                "timestamp": "2024-09-10T15:35:07.855330Z"
                            }
                        }
                    }
                ],
                "title": "CISA ADP Vulnrichment",
                "providerMetadata": {
                    "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
                    "shortName": "CISA-ADP",
                    "dateUpdated": "2024-09-11T17:33:19.470Z"
                }
            }
        ]
    }
}