Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-38209

Опубликовано: 12 апр. 2021
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

A flaw was found in the Linux kernel. Observation of changes in any net namespace is possible due to these changes being leaked into all other net namespaces. The highest threat from this vulnerability is to data confidentiality.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelOut of support scope
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-altOut of support scope
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelNot affected
Red Hat Enterprise Linux 8kernel-rtNot affected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1992815kernel: net/netfilter/nf_conntrack_standalone.c allows observation of changes in any net namespace because these changes are leaked into all other net namespaces

EPSS

Процентиль: 25%
0.00087
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-38209

CVSS3: 3.3
ubuntu
больше 4 лет назад

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

nvd логотип

CVE-2021-38209

CVSS3: 3.3
nvd
больше 4 лет назад

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

msrc логотип

CVE-2021-38209

CVSS3: 3.3
msrc
больше 4 лет назад

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX NF_SYSCTL_CT_EXPECT_MAX and NF_SYSCTL_CT_BUCKETS sysctls.

debian логотип

CVE-2021-38209

CVSS3: 3.3
debian
больше 4 лет назад

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...

github логотип

GHSA-vj8v-34wr-vjm9

github
больше 3 лет назад

net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.

EPSS

Процентиль: 25%
0.00087
Низкий

3.3 Low

CVSS3