Name | CVE-2021-27854 |
Description | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
https://kb.cert.org/vuls/id/855201
https://blog.champtar.fr/VLAN0_LLC_SNAP/
Linux kernel behaves as expected, it's the user space responsibility to build
correct filtering rules.