Fixed
Created: Mar 25, 2024
Updated: May 23, 2024
Resolved Date: May 22, 2024
Found In Version: 10.21.20.1
Fix Version: 10.21.20.21
Severity: Standard
Applicable for: Wind River Linux LTS 21
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: mt7530: fix VLAN traffic leaks
PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but
was not reset when it is disabled, which may cause traffic leaks:
ip link add br0 type bridge vlan_filtering 1
ip link add br1 type bridge vlan_filtering 1
ip link set swp0 master br0
ip link set swp1 master br1
ip link set br0 type bridge vlan_filtering 0
ip link set br1 type bridge vlan_filtering 0
# traffic in br0 and br1 will start leaking to each other
As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the
PCR_MATRIX write from mt7530_port_set_vlan_aware.
CREATE(Triage):(User=admin) CVE-2021-47160 (https://nvd.nist.gov/vuln/detail/CVE-2021-47160)