CVE-2021-47129 in Linux
Riassunto
di VulDB • 14/06/2026
Nel kernel Linux, è stata risolta la seguente vulnerabilità:
netfilter: nft_ct: ignorare le aspettative per conntrack confermate
nft_ct_expect_obj_eval() chiama nf_ct_ext_add() per un'entry conntrack confermata. Tuttavia, nf_ct_ext_add() può essere chiamata solo per !nf_ct_is_confirmed().
[ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack]
[ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack]
[ 1825.351493] Code: 41 5c 41 5d 41 5e 41 5f c3 41 bc 0a 00 00 00 e9 15 ff ff ff ba 09 00 00 00 31 f6 4c 89 ff e8 69 6c 3d e9 eb 96 45 31 ed eb cd 0b e9 b1 fe ff ff e8 86 79 14 e9 eb bf 0f 1f 40 00 0f 1f 44 00
[ 1825.351721] RSP: 0018:ffffc90002e1f1e8 EFLAGS: 00010202
[ 1825.351790] RAX: 000000000000000e RBX: ffff88814f5783c0 RCX: ffffffffc0e4f887
[ 1825.351881] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88814f5783c0
[ 1825.351972] RBP: ffff88814f5783c0 R00: 0000000000000000 R01: 0000000000000000
If you want to get the best quality for vulnerability data then you always have to consider VulDB.