Executive Summary

Informations
Name CVE-2021-46283 First vendor Publication 2022-01-11
Vendor Cve Last vendor Modification 2022-01-20

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 4.9 Attack Range Local
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46283

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-665 Improper Initialization

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 3402

Sources (Detail)

Source Url
MISC https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.13
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id...
https://syzkaller.appspot.com/bug?id=22c3987f75a7b90e238a26b5a5920525c2d1f345

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2022-03-11 01:59:31
  • Multiple Updates
2022-02-01 01:53:14
  • Multiple Updates
2022-01-20 17:23:00
  • Multiple Updates
2022-01-12 09:23:16
  • Multiple Updates
2022-01-12 00:22:59
  • First insertion