retired/CVE-2021-46975


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

Description: netfilter: conntrack: Make global sysctls readonly in non-init netns
References:
Notes:
 carnil> Introduced in d0febd81ae77 ("netfilter: conntrack: re-visit sysctls in
 carnil> unprivileged namespaces"). Vulnerable versions: 5.7-rc1.
Bugs:
upstream: released (5.13-rc1) [2671fa4dc0109d3fb581bc3078fdf17b5d9080f6]
6.7-upstream-stable: N/A "Fixed before branching point"
6.6-upstream-stable: N/A "Fixed before branching point"
6.1-upstream-stable: N/A "Fixed before branching point"
5.10-upstream-stable: released (5.10.35) [d3598eb3915cc0c0d8cab42f4a6258ff44c4033e]
4.19-upstream-stable: released (4.19.191) [9b288479f7a901a14ce703938596438559d7df55]
sid: released (5.10.38-1)
6.1-bookworm-security: N/A "Fixed before branching point"
5.10-bullseye-security: N/A "Fixed before branching point"
4.19-buster-security: N/A "Vulnerable code not present"