Name | CVE-2021-27862 |
Description | Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
https://kb.cert.org/vuls/id/855201
https://blog.champtar.fr/VLAN0_LLC_SNAP/
Linux kernel behaves as expected, it's the user space responsibility to build
correct filtering rules.