Описание
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
A flaw was discovered in processing setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) for 32 bit processes on 64 bit systems. This flaw will allow local user to gain privileges or cause a DoS through user name space. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges.
Отчет
For the Red Hat Enterprise Linux 7 only privileged user can trigger this bug. For the Red Hat Enterprise Linux 8 regular user can trigger it, and the result is corruption of 4 bytes of memory.
Меры по смягчению последствий
The mitigation for the Red Hat Enterprise Linux 8 is to disable for unprivileged user possibilities of running unshare(CLONE_NEWUSER) or unshare(CLONE_NEWNET) that could be done with the next command: echo 0 > /proc/sys/user/max_user_namespaces For making this change in configuration permanent. Note: User namespaces are used primarily for Linux containers. If containers are in use, this requirement is not applicable. Configure RHEL 8 to disable the use of user namespaces by adding the following line to a file in the "/etc/sysctl.d/" directory: user.max_user_namespaces = 0 The system configuration files need to be reloaded for the changes to take effect. To reload the contents of the files, run the following command: $ sudo sysctl --system The other mitigation for containers, if without disabling user namespaces, is blocking the pertinent syscalls in a seccomp policy file. For more information about seccomp, please read: https://www.openshift.com/blog/seccomp-for-fun-and-profit
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2021:3328 | 31.08.2021 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2021:3327 | 31.08.2021 |
| Red Hat Enterprise Linux 7 | kpatch-patch | Fixed | RHSA-2021:3381 | 31.08.2021 |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | kernel | Fixed | RHSA-2021:3399 | 31.08.2021 |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | kernel | Fixed | RHSA-2021:3321 | 31.08.2021 |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | kernel | Fixed | RHSA-2021:3725 | 05.10.2021 |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | kernel | Fixed | RHSA-2021:3812 | 12.10.2021 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was disco ...
Уязвимость функции xt_compat_target_from_user() (net/netfilter/x_tables.c) подсистемы netfilter операционных систем Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
EPSS
7.8 High
CVSS3