一、漏洞信息
漏洞编号：CVE-2021-47036
漏洞归属组件：kernel
漏洞归属的版本：4.19.140,4.19.194,4.19.90,5.10.0,6.1.0,6.1.14,6.1.19,6.1.5,6.1.6,6.1.8,6.4.0
CVSS V2.0分值：
BaseScore：0.0 Low
Vector：CVSS：2.0/
漏洞简述：
In the Linux kernel, the following vulnerability has been resolved:udp: skip L4 aggregation for UDP tunnel packetsIf NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) atthe outer UDP tunnel level for packets effectively carrying and UDPtunnel header.That could cause inner protocol corruption. If e.g. the relevantpackets carry a vxlan header, different vxlan ids will be ignored/aggregated to the same GSO packet. Inner headers will be ignored, too,so that e.g. TCP over vxlan push packets will be held in the GROengine till the next flush, etc.Just skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if thecurrent packet could land in a UDP tunnel, and let udp_gro_receive()do GRO via udp_sk(sk)->gro_receive.The check implemented in this patch is broader than what is strictlyneeded, as the existing UDP tunnel could be e.g. configured on top ofa different device: we could end-up skipping GRO at-all for some packets.Anyhow, that is a very thin corner case and covering it will add quitea bit of complexity.v1 -> v2: - hopefully clarify the commit message
漏洞公开时间：2024-02-28 17:15:39
漏洞创建时间：2024-02-28 23:16:13
漏洞详情参考链接：
https://nvd.nist.gov/vuln/detail/CVE-2021-47036

漏洞分析指导链接：
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息：

二、漏洞分析结构反馈
影响性分析说明：
In the Linux kernel, the following vulnerability has been resolved:udp: skip L4 aggregation for UDP tunnel packetsIf NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and thereare UDP tunnels available in the system, udp_gro_receive() could end-updoing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) atthe outer UDP tunnel level for packets effectively carrying and UDPtunnel header.That could cause inner protocol corruption. If e.g. the relevantpackets carry a vxlan header, different vxlan ids will be ignored/aggregated to the same GSO packet. Inner headers will be ignored, too,so that e.g. TCP over vxlan push packets will be held in the GROengine till the next flush, etc.Just skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if thecurrent packet could land in a UDP tunnel, and let udp_gro_receive()do GRO via udp_sk(sk)->gro_receive.The check implemented in this patch is broader than what is strictlyneeded, as the existing UDP tunnel could be e.g. configured on top ofa different device: we could end-up skipping GRO at-all for some packets.Anyhow, that is a very thin corner case and covering it will add quitea bit of complexity.v1 -> v2: - hopefully clarify the commit message
openEuler评分：
5.3
Vector：CVSS：2.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
受影响版本排查(受影响/不受影响)：
1.openEuler-22.03-LTS(5.10.0):受影响
2.openEuler-22.03-LTS-SP1(5.10.0):受影响
3.openEuler-22.03-LTS-SP2(5.10.0):受影响
4.openEuler-22.03-LTS-SP3:受影响
5.openEuler-22.03-LTS-Next(5.10.0):受影响
6.openEuler-20.03-LTS-SP1(4.19.90):不受影响
7.openEuler-20.03-LTS-SP4:不受影响
8.master(6.1.0):不受影响
9.openEuler-24.03-LTS:不受影响

修复是否涉及abi变化(是/否)：
1.openEuler-20.03-LTS-SP1(4.19.90):否
2.openEuler-20.03-LTS-SP4:否
3.openEuler-22.03-LTS(5.10.0):否
4.openEuler-22.03-LTS-SP1(5.10.0):否
5.openEuler-22.03-LTS-SP2(5.10.0):否
6.openEuler-22.03-LTS-SP3:否
7.master(6.1.0):否
8.openEuler-22.03-LTS-Next(5.10.0):否
9.openEuler-24.03-LTS:否

三、漏洞修复
安全公告链接：https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2024-1349