CVE-2021-47160

net: dsa: mt7530: fix VLAN traffic leaks

Description

In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link add br1 type bridge vlan_filtering 1 ip link set swp0 master br0 ip link set swp1 master br1 ip link set br0 type bridge vlan_filtering 0 ip link set br1 type bridge vlan_filtering 0 # traffic in br0 and br1 will start leaking to each other As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware.

7.1
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.01%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d patch
https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488 patch
https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2 patch
https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e patch
https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a patch

Frequently Asked Questions

What is the severity of CVE-2021-47160?
CVE-2021-47160 has been scored as a high severity vulnerability.
How to fix CVE-2021-47160?
To fix CVE-2021-47160, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-47160 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-47160 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-47160?
CVE-2021-47160 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.