Bug 1203838 - (CVE-2021-27861) VUL-0: CVE-2021-27861: kernel: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Denis Kirjanov
Security Team bot
https://smash.suse.de/issue/343694/
CVSSv3.1:SUSE:CVE-2021-27861:5.3:(AV:...
Reported: 2022-09-28 11:48 UTC by Robert Frohl
Modified: 2023-01-06 15:18 UTC (History)

Found By: Security Response Team
mhocko: needinfo? (denis.kirjanov)


Description Robert Frohl 2022-09-28 11:48:16 UTC
CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed
using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27861
http://www.cvedetails.com/cve/CVE-2021-27861/
https://www.cve.org/CVERecord?id=CVE-2021-27861
https://standards.ieee.org/ieee/802.1Q/10323/
https://standards.ieee.org/ieee/802.2/1048/
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/
Comment 1 Oscar Salvador 2022-09-29 04:21:44 UTC
@Michal: It seems this is yet another one for you, so I am assigning this to you for the time being. Feel free to re-assign if you need. (Not sure if Denis also handles network issues though?)
Comment 2 Denis Kirjanov 2022-09-29 12:43:45 UTC
(In reply to Oscar Salvador from comment #1)
> @Michal: It seems this is yet another one for you, so I am assigning this to
> you for the time being. Feel free to re-assign if you need. (Not sure if
> Denis also handles network issues though?)

I do. Michal, I'll take it if you don't mind.
Comment 4 Petr Mladek 2022-11-16 15:36:10 UTC
Gentle ping. This bug seems to approach a good date for CVE SLA fulfillment.