{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-46996", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-27T18:42:55.949Z", "datePublished": "2024-02-28T08:13:20.406Z", "dateUpdated": "2024-12-19T07:33:16.256Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:33:16.256Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: Fix a memleak from userdata error path in new objects\n\nRelease object name if userdata allocation fails."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "2c784a500f5edd337258b0fdb2f31bc9abde1a23", "status": "affected", "versionType": "git"}, {"version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "59fa98bfa1f4013d658d990cac88c87b46ff410c", "status": "affected", "versionType": "git"}, {"version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "dd3bebf515f336214a91994348a2b86b9a1d3d7f", "status": "affected", "versionType": "git"}, {"version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "85dfd816fabfc16e71786eda0a33a7046688b5b0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/netfilter/nf_tables_api.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.38", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.11.22", "lessThanOrEqual": "5.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.5", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23"}, {"url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c"}, {"url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f"}, {"url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0"}], "title": "netfilter: nftables: Fix a memleak from userdata error path in new objects", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:38.447Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:00:55.252894Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:37.360Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:24:38.447Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-46996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:00:55.252894Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:17.677Z"}}], "cna": {"title": "netfilter: nftables: Fix a memleak from userdata error path in new objects", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "2c784a500f5edd337258b0fdb2f31bc9abde1a23", "versionType": "git"}, {"status": "affected", "version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "59fa98bfa1f4013d658d990cac88c87b46ff410c", "versionType": "git"}, {"status": "affected", "version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "dd3bebf515f336214a91994348a2b86b9a1d3d7f", "versionType": "git"}, {"status": "affected", "version": "b131c96496b369c7b14125e7c50e89ac7cec8051", "lessThan": "85dfd816fabfc16e71786eda0a33a7046688b5b0", "versionType": "git"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.10"}, {"status": "unaffected", "version": "0", "lessThan": "5.10", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.38", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.11.22", "versionType": "semver", "lessThanOrEqual": "5.11.*"}, {"status": "unaffected", "version": "5.12.5", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["net/netfilter/nf_tables_api.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23"}, {"url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c"}, {"url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f"}, {"url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: Fix a memleak from userdata error path in new objects\n\nRelease object name if userdata allocation fails."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T07:33:16.256Z"}}}, "cveMetadata": {"cveId": "CVE-2021-46996", "state": "PUBLISHED", "dateUpdated": "2024-12-19T07:33:16.256Z", "dateReserved": "2024-02-27T18:42:55.949Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-28T08:13:20.406Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8051E54C-C4D7-4B79-90C8-3C0B5A772262", "versionEndExcluding": "5.10.38", "versionStartIncluding": "5.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B53E9A-F426-4C03-9A5F-A931FF79827E", "versionEndExcluding": "5.11.22", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0274929A-B36C-4F4C-AB22-30A0DD6B995B", "versionEndExcluding": "5.12.5", "versionStartIncluding": "5.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: Fix a memleak from userdata error path in new objects\n\nRelease object name if userdata allocation fails."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nftables: corrige una fuga de memoria de la ruta de error de los datos del usuario en objetos nuevos. Libera el nombre del objeto si falla la asignaci\u00f3n de los datos del usuario."}], "id": "CVE-2021-46996", "lastModified": "2024-12-06T14:55:54.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-28T09:15:38.003", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2c784a500f5edd337258b0fdb2f31bc9abde1a23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/59fa98bfa1f4013d658d990cac88c87b46ff410c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/85dfd816fabfc16e71786eda0a33a7046688b5b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dd3bebf515f336214a91994348a2b86b9a1d3d7f"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: netfilter: nftables: Fix a memleak from userdata error path in new objects", "id": "2266881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266881"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "status": "draft"}, "cwe": "CWE-402", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnetfilter: nftables: Fix a memleak from userdata error path in new objects\nRelease object name if userdata allocation fails."], "name": "CVE-2021-46996", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-46996\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-46996\nhttps://lore.kernel.org/linux-cve-announce/2024022827-CVE-2021-46996-0af4@gregkh/T/#u"], "threat_severity": "Low"}