CVE-2021-3715: Use After Free
A flaw was found in the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition. This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Other sources
A flaw was found in the way the "Routing decision" classifier in the Linux kernel's Traffic Control networking subsystem handled changing of classification filters, leading to a use-after-free condition. An unprivileged local user could use this flaw to escalate their privileges on the system.
Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359
— Red Hat
Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
— IBM
Frequently Asked Questions
What is CVE-2021-3715?
CVE-2021-3715 is a vulnerability in the Linux Kernel that could allow a local authenticated attacker to gain elevated privileges on the system.
What is the severity of CVE-2021-3715?
The severity of CVE-2021-3715 is high, with a severity value of 7.8.
How does CVE-2021-3715 affect the Linux Kernel?
CVE-2021-3715 affects the 'Routing decision' classifier in the Linux Kernel's Traffic Control networking subsystem, leading to a use-after-free condition.
Who is affected by CVE-2021-3715?
Unprivileged local users on systems running Linux Kernel versions 3.18 up to 5.10 are affected by CVE-2021-3715.
Are there any remedies or patches available for CVE-2021-3715?
Yes, remedies and patches are available. Please refer to the provided references for more information.