Name | CVE-2021-27853 |
Description | Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
https://kb.cert.org/vuls/id/855201
https://blog.champtar.fr/VLAN0_LLC_SNAP/
Linux kernel behaves as expected, it's the user space responsibility to build
correct filtering rules.