Lucene search

MitreCVE-2021-38160

HistoryAug 07, 2021 - 4:15 a.m.

CVE-2021-38160

2021-08-0704:15:06

CWE-120

mitre

web.nvd.nist.gov

303

cve-2021-38160

linux kernel

data corruption

untrusted device

buf->len

nvd

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

Percentile

14.2%

JSON

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior

Affected configurations

Nvd

Node

linuxlinux_kernelRange2.6.24–4.4.276

linuxlinux_kernelRange4.5–4.9.276

linuxlinux_kernelRange4.10–4.14.240

linuxlinux_kernelRange4.15–4.19.198

linuxlinux_kernelRange4.20–5.4.134

linuxlinux_kernelRange5.5–5.10.52

linuxlinux_kernelRange5.11–5.12.19

linuxlinux_kernelRange5.13–5.13.4

Node

netapphci_bootstrap_osMatch-

AND

netapphci_compute_nodeMatch-

Node

netapphci_management_nodeMatch-

netappsolidfireMatch-

Node

netapphci_storage_nodeMatch-

AND

netappelement_softwareMatch-

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

redhatenterprise_linuxMatch8.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
netapphci_bootstrap_os-cpe:2.3:o:netapp:hci_bootstrap_os:-:*:*:*:*:*:*:*
netapphci_compute_node-cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
netapphci_storage_node-cpe:2.3:h:netapp:hci_storage_node:-:*:*:*:*:*:*:*
netappelement_software-cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*
debiandebian_linux9.0cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
redhatenterprise_linux8.0cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
netapp	hci_bootstrap_os	-	cpe:2.3:o:netapp:hci_bootstrap_os:-:::::::*
netapp	hci_compute_node	-	cpe:2.3:h:netapp:hci_compute_node:-:::::::*
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
netapp	hci_storage_node	-	cpe:2.3:h:netapp:hci_storage_node:-:::::::*
netapp	element_software	-	cpe:2.3:a:netapp:element_software:-:::::::*
debian	debian_linux	9.0	cpe:2.3:o:debian:debian_linux:9.0:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
redhat	enterprise_linux	8.0	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*