{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T12:16:10.262","vulnerabilities":[{"cve":{"id":"CVE-2021-47309","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2024-05-21T15:15:18.453","lastModified":"2024-12-26T18:44:48.667","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: validate lwtstate->data before returning from skb_tunnel_info()\n\nskb_tunnel_info() returns pointer of lwtstate->data as ip_tunnel_info\ntype without validation. lwtstate->data can have various types such as\nmpls_iptunnel_encap, etc and these are not compatible.\nSo skb_tunnel_info() should validate before returning that pointer.\n\nSplat looks like:\nBUG: KASAN: slab-out-of-bounds in vxlan_get_route+0x418/0x4b0 [vxlan]\nRead of size 2 at addr ffff888106ec2698 by task ping/811\n\nCPU: 1 PID: 811 Comm: ping Not tainted 5.13.0+ #1195\nCall Trace:\n dump_stack_lvl+0x56/0x7b\n print_address_description.constprop.8.cold.13+0x13/0x2ee\n ? vxlan_get_route+0x418/0x4b0 [vxlan]\n ? vxlan_get_route+0x418/0x4b0 [vxlan]\n kasan_report.cold.14+0x83/0xdf\n ? vxlan_get_route+0x418/0x4b0 [vxlan]\n vxlan_get_route+0x418/0x4b0 [vxlan]\n [ ... ]\n vxlan_xmit_one+0x148b/0x32b0 [vxlan]\n [ ... ]\n vxlan_xmit+0x25c5/0x4780 [vxlan]\n [ ... ]\n dev_hard_start_xmit+0x1ae/0x6e0\n __dev_queue_xmit+0x1f39/0x31a0\n [ ... ]\n neigh_xmit+0x2f9/0x940\n mpls_xmit+0x911/0x1600 [mpls_iptunnel]\n lwtunnel_xmit+0x18f/0x450\n ip_finish_output2+0x867/0x2040\n [ ... ]"},{"lang":"es","value":"En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: validar lwtstate->data antes de regresar de skb_tunnel_info() skb_tunnel_info() devuelve un puntero de lwtstate->data como tipo ip_tunnel_info sin validación. lwtstate->data puede tener varios tipos como mpls_iptunnel_encap, etc. y estos no son compatibles. Entonces skb_tunnel_info() debería validarse antes de devolver ese puntero. Splat se ve así: BUG: KASAN: slab fuera de los límites en vxlan_get_route+0x418/0x4b0 [vxlan] Lectura de tamaño 2 en la dirección ffff888106ec2698 mediante tarea ping/811 CPU: 1 PID: 811 Comm: ping No contaminado 5.13.0 + #1195 Seguimiento de llamadas: dump_stack_lvl+0x56/0x7b print_address_description.constprop.8.cold.13+0x13/0x2ee? vxlan_get_route+0x418/0x4b0 [vxlan] ? vxlan_get_route+0x418/0x4b0 [vxlan] kasan_report.cold.14+0x83/0xdf? vxlan_get_route+0x418/0x4b0 [vxlan] vxlan_get_route+0x418/0x4b0 [vxlan] [ ... ] vxlan_xmit_one+0x148b/0x32b0 [vxlan] [ ... ] vxlan_xmit+0x25c5/0x4780 [vxlan] [ ... ] +0x1ae /0x6e0 __dev_queue_xmit+0x1f39/0x31a0 [...] veck_xMit+0x2f9/0x940 mpls_xmit+0x911/0x1600 [mpls_iptunnel] lwtunnel_xmit+0x18f/0x450 ip_finish_output2+0x20467/0x2040"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3","versionEndExcluding":"4.4.277","matchCriteriaId":"5A6521A3-1CD2-4EFB-B365-323A55C98EE5"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.277","matchCriteriaId":"B543C082-5612-489A-A957-B7F2B8822025"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.241","matchCriteriaId":"6A796929-CDBE-45AF-BD44-F357F64AFFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.199","matchCriteriaId":"D1C5B0E1-06E7-4615-AA17-02585202D86E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.135","matchCriteriaId":"3EF7BA79-262D-4A55-A0A1-E0D0BCA7C320"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.53","matchCriteriaId":"08E2D438-D50E-43C5-AF10-D62FE49B5815"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.13.5","matchCriteriaId":"808DF8D9-4913-4CC7-B91F-B4146556B7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.14:rc1:*:*:*:*:*:*","matchCriteriaId":"71268287-21A8-4488-AA4F-23C473153131"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2179d96ec702cc33ead02a9ce40ece599b8538c5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67a9c94317402b826fc3db32afc8f39336803d97","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83bdcfbd968bcc91a0632b7b625e4a9b0cba5e0d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8aa13a86964cdec4fd969ef677c6614ff068641a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8bb1589c89e61e3b182dd546f1021928ebb5c2a6","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a915379594f1e045421635c6316d8f3ffa018c58","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b61d327cd3cc5ea591f3bf751dd11e034f388bb5","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7f3c9df40515a6c6b46f36c4c94cf48a043f887","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/2179d96ec702cc33ead02a9ce40ece599b8538c5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/67a9c94317402b826fc3db32afc8f39336803d97","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/83bdcfbd968bcc91a0632b7b625e4a9b0cba5e0d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8aa13a86964cdec4fd969ef677c6614ff068641a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8bb1589c89e61e3b182dd546f1021928ebb5c2a6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a915379594f1e045421635c6316d8f3ffa018c58","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/b61d327cd3cc5ea591f3bf751dd11e034f388bb5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/e7f3c9df40515a6c6b46f36c4c94cf48a043f887","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}}]}