|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-0: CVE-2021-27862: kernel-source: Bypass using 802.3 headers | ||
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Alexandros Toptsoglou <atoptsoglou> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED INVALID | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | ||
| Priority: | P3 - Medium | CC: | bpetkov, denis.kirjanov, jack, meissner, mhocko, mkubecek, rfrohl, stoyan.manolov, tiwai |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/343695/ | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Comment 13
Robert Frohl
2022-09-28 12:09:31 UTC
CVE-2021-27862 Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27862 https://www.cve.org/CVERecord?id=CVE-2021-27862 https://standards.ieee.org/ieee/802.2/1048/ https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/ Denis, any progress on this bug? Through a quick glance, it's not clear whether any relevant upstream fix is present -- or whether we would need any fix, above all, though... As I'm reading comment 2, Linux is affected by this problem when it acts as a router between ethernet and WiFi. Not a common usecase of our product but perhaps possible. No sure if there are any fixes for this though... Denis can you have a look and tell us whether there's something to fix for us? configuration issue with the kernel that we will not fix, users should handle the problem by applying proper configuration to their systems. |