{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47515","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-24T15:02:54.824Z","datePublished":"2024-05-24T15:09:29.334Z","dateUpdated":"2025-05-04T12:41:38.139Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T12:41:38.139Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix the iif in the IPv6 socket control block\n\nWhen an IPv4 packet is received, the ip_rcv_core(...) sets the receiving\ninterface index into the IPv4 socket control block (v5.16-rc4,\nnet/ipv4/ip_input.c line 510):\n\n    IPCB(skb)->iif = skb->skb_iif;\n\nIf that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH\nheader, the seg6_do_srh_encap(...) performs the required encapsulation.\nIn this case, the seg6_do_srh_encap function clears the IPv6 socket control\nblock (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163):\n\n    memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));\n\nThe memset(...) was introduced in commit ef489749aae5 (\"ipv6: sr: clear\nIP6CB(skb) on SRH ip4ip6 encapsulation\") a long time ago (2019-01-29).\n\nSince the IPv6 socket control block and the IPv4 socket control block share\nthe same memory area (skb->cb), the receiving interface index info is lost\n(IP6CB(skb)->iif is set to zero).\n\nAs a side effect, that condition triggers a NULL pointer dereference if\ncommit 0857d6f8c759 (\"ipv6: When forwarding count rx stats on the orig\nnetdev\") is applied.\n\nTo fix that issue, we set the IP6CB(skb)->iif with the index of the\nreceiving interface once again."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/seg6_iptunnel.c"],"versions":[{"version":"c630ec8bdadae9d557b1ceb9d6c06e149108a0d4","lessThan":"b16d412e5f79734033df04e97d7ea2f50a8e9fe3","status":"affected","versionType":"git"},{"version":"2f704348c93ff8119e642dae6a72327f90b82810","lessThan":"6431e71093f3da586a00c6d931481ffb0dc2db0e","status":"affected","versionType":"git"},{"version":"ef489749aae508e6f17886775c075f12ff919fb1","lessThan":"ef8804e47c0a44ae106ead1740408af5ea6c6ee9","status":"affected","versionType":"git"},{"version":"ef489749aae508e6f17886775c075f12ff919fb1","lessThan":"666521b3852d2b2f52d570f9122b1e4b50d96831","status":"affected","versionType":"git"},{"version":"ef489749aae508e6f17886775c075f12ff919fb1","lessThan":"98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1","status":"affected","versionType":"git"},{"version":"ef489749aae508e6f17886775c075f12ff919fb1","lessThan":"ae68d93354e5bf5191ee673982251864ea24dd5c","status":"affected","versionType":"git"},{"version":"b71b7e0280f47b4ac633fbfd153423814ea87810","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/ipv6/seg6_iptunnel.c"],"versions":[{"version":"5.0","status":"affected"},{"version":"0","lessThan":"5.0","status":"unaffected","versionType":"semver"},{"version":"4.14.258","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.221","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.165","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.85","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.8","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.14.98","versionEndExcluding":"4.14.258"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.19.20","versionEndExcluding":"4.19.221"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.4.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.10.85"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.15.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0","versionEndExcluding":"5.16"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20.7"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3"},{"url":"https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e"},{"url":"https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9"},{"url":"https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831"},{"url":"https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1"},{"url":"https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c"}],"title":"seg6: fix the iif in the IPv6 socket control block","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:39:59.755Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/b16d412e5f79734033df04e97d7ea2f50a8e9fe3","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6431e71093f3da586a00c6d931481ffb0dc2db0e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ef8804e47c0a44ae106ead1740408af5ea6c6ee9","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/666521b3852d2b2f52d570f9122b1e4b50d96831","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/98adb2bbfa407c9290bda299d4c6f7a1c4ebd5e1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ae68d93354e5bf5191ee673982251864ea24dd5c","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47515","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T15:35:33.340330Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:32:52.378Z"}}]}}