{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2021-47606","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-24T15:11:00.737Z","datePublished":"2024-06-19T14:54:05.025Z","dateUpdated":"2025-12-18T11:38:06.264Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-12-18T11:38:06.264Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netlink: af_netlink: Prevent empty skb by adding a check on len.\n\nAdding a check on len parameter to avoid empty skb. This prevents a\ndivision error in netem_enqueue function which is caused when skb->len=0\nand skb->data_len=0 in the randomized corruption step as shown below.\n\nskb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8);\n\nCrash Report:\n[  343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family\n0 port 6081 - 0\n[  343.216110] netem: version 1.3\n[  343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\n[  343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+\n[  343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS 1.11.0-2.el7 04/01/2014\n[  343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]\n[  343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff\nff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f\n74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03\n[  343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246\n[  343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:\n0000000000000000\n[  343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:\nffff88800f8eda40\n[  343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:\nffffffff94fb8445\n[  343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:\n0000000000000000\n[  343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:\n0000000000000020\n[  343.247291] FS:  00007fdde2bd7700(0000) GS:ffff888109780000(0000)\nknlGS:0000000000000000\n[  343.248350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:\n00000000000006e0\n[  343.250076] Call Trace:\n[  343.250423]  <TASK>\n[  343.250713]  ? memcpy+0x4d/0x60\n[  343.251162]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.251795]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.252443]  netem_enqueue+0xe28/0x33c0 [sch_netem]\n[  343.253102]  ? stack_trace_save+0x87/0xb0\n[  343.253655]  ? filter_irq_stacks+0xb0/0xb0\n[  343.254220]  ? netem_init+0xa0/0xa0 [sch_netem]\n[  343.254837]  ? __kasan_check_write+0x14/0x20\n[  343.255418]  ? _raw_spin_lock+0x88/0xd6\n[  343.255953]  dev_qdisc_enqueue+0x50/0x180\n[  343.256508]  __dev_queue_xmit+0x1a7e/0x3090\n[  343.257083]  ? netdev_core_pick_tx+0x300/0x300\n[  343.257690]  ? check_kcov_mode+0x10/0x40\n[  343.258219]  ? _raw_spin_unlock_irqrestore+0x29/0x40\n[  343.258899]  ? __kasan_init_slab_obj+0x24/0x30\n[  343.259529]  ? setup_object.isra.71+0x23/0x90\n[  343.260121]  ? new_slab+0x26e/0x4b0\n[  343.260609]  ? kasan_poison+0x3a/0x50\n[  343.261118]  ? kasan_unpoison+0x28/0x50\n[  343.261637]  ? __kasan_slab_alloc+0x71/0x90\n[  343.262214]  ? memcpy+0x4d/0x60\n[  343.262674]  ? write_comp_data+0x2f/0x90\n[  343.263209]  ? __kasan_check_write+0x14/0x20\n[  343.263802]  ? __skb_clone+0x5d6/0x840\n[  343.264329]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.264958]  dev_queue_xmit+0x1c/0x20\n[  343.265470]  netlink_deliver_tap+0x652/0x9c0\n[  343.266067]  netlink_unicast+0x5a0/0x7f0\n[  343.266608]  ? netlink_attachskb+0x860/0x860\n[  343.267183]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.267820]  ? write_comp_data+0x2f/0x90\n[  343.268367]  netlink_sendmsg+0x922/0xe80\n[  343.268899]  ? netlink_unicast+0x7f0/0x7f0\n[  343.269472]  ? __sanitizer_cov_trace_pc+0x21/0x60\n[  343.270099]  ? write_comp_data+0x2f/0x90\n[  343.270644]  ? netlink_unicast+0x7f0/0x7f0\n[  343.271210]  sock_sendmsg+0x155/0x190\n[  343.271721]  ____sys_sendmsg+0x75f/0x8f0\n[  343.272262]  ? kernel_sendmsg+0x60/0x60\n[  343.272788]  ? write_comp_data+0x2f/0x90\n[  343.273332]  ? write_comp_data+0x2f/0x90\n[  343.273869]  ___sys_sendmsg+0x10f/0x190\n[  343.274405]  ? sendmsg_copy_msghdr+0x80/0x80\n[  343.274984]  ? slab_post_alloc_hook+0x70/0x230\n[  343.275597]  ? futex_wait_setup+0x240/0x240\n[  343.276175]  ? security_file_alloc+0x3e/0x170\n[  343.276779]  ? write_comp_d\n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netlink/af_netlink.c"],"versions":[{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"c54a60c8fbaa774f828e26df79f66229a8a0e010","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"40cf2e058832d9cfaae98dfd77334926275598b6","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"54e785f7d5c197bc06dbb8053700df7e2a093ced","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"ff3f517bf7138e01a17369042908a3f345c0ee41","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"c0315e93552e0d840e9edc6abd71c7db82ec8f51","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"dadce61247c6230489527cc5e343b6002d1114c5","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"4c986072a8c9249b9398c7a18f216dc26a9f0e35","status":"affected","versionType":"git"},{"version":"bcbde0d449eda7afa8f63280b165c8300dbd00e2","lessThan":"f123cffdd8fe8ea6c7fded4b88516a42798797d0","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netlink/af_netlink.c"],"versions":[{"version":"3.11","status":"affected"},{"version":"0","lessThan":"3.11","status":"unaffected","versionType":"semver"},{"version":"4.4.296","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.294","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.259","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.222","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.167","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.87","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.10","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.16","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"4.4.296"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"4.9.294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"4.14.259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"4.19.222"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.4.167"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.10.87"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.15.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"5.16"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010"},{"url":"https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6"},{"url":"https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced"},{"url":"https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41"},{"url":"https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51"},{"url":"https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5"},{"url":"https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35"},{"url":"https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0"}],"title":"net: netlink: af_netlink: Prevent empty skb by adding a check on len.","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:47:40.217Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47606","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-09-10T17:12:08.038077Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-11T17:34:51.449Z"}}]}}