DEBIAN-CVE-2021-47010
- Source
- https://security-tracker.debian.org/tracker/CVE-2021-47010
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-47010.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-47010
- Upstream
- Published
- 2024-02-28T09:15:38Z
- Modified
- 2025-10-10T01:01:16Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved: net: Only allow init netns to set default tcp cong to a restricted algo tcpsetdefaultcongestioncontrol() is netns-safe in that it writes to &net->ipv4.tcpcongestioncontrol, but it also sets ca->flags |= TCPCONGNONRESTRICTED which is not namespaced. This has the unintended side-effect of changing the global net.ipv4.tcpallowedcongestioncontrol sysctl, despite the fact that it is read-only: 97684f0970f6 ("net: Make tcpallowedcongestioncontrol readonly in non-init netns") Resolve this netns "leak" by only allowing the init netns to set the default algorithm to one that is restricted. This restriction could be removed if tcpallowedcongestioncontrol were namespace-ified in the future. This bug was uncovered with https://github.com/JonathonReinhart/linux-netns-sysctl-verify
- References
Affected packages
Debian:11 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Debian:14 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source