Bugzilla – Bug 1182623
VUL-0: CVE-2021-27862: kernel-source: Bypass using 802.3 headers
Last modified: 2023-03-09 10:03:59 UTC
*** Bug 1203837 has been marked as a duplicate of this bug. ***
CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27862
https://www.cve.org/CVERecord?id=CVE-2021-27862
https://standards.ieee.org/ieee/802.2/1048/
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/
Denis, any progress on this bug? Through a quick glance, it's not clear whether any relevant upstream fix is present -- or whether we would need any fix, above all, though...
As I'm reading comment 2, Linux is affected by this problem when it acts as a router between Ethernet and WiFi. Not a common use case of our product but perhaps possible. Not sure if there are any fixes for this though... Denis, can you have a look and tell us whether there's something to fix for us?
Configuration issue with the kernel that we will not fix; users should handle the problem by applying proper configuration to their systems.