1. Home
  2. Vulnerabilities
  3. CVE-2021-38160

CVE-2021-38160

CVSS v3.1 7.8 (High)
78% Progress
CVSS v2.0 7.2 (High)
72% Progress
EPSS 0.04 % (15th)
0.04% Progress
Affected Products 9
Advisories 43
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior

Weaknesses
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
MITRE
Published Date
2021-08-07 04:15:06
(3 years ago)
Updated Date
2024-08-27 19:37:50
(2 weeks ago)

Affected Products

Debian

Linux

Netapp

Redhat

Configuration #1

    CPE23 From Up To
  Linux Kernel from 2.6.24 version and prior 4.4.276 version cpe:2.3:o:linux:linux_kernel >= 2.6.24 < 4.4.276
  Linux Kernel from 4.5 version and prior 4.9.276 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.276
  Linux Kernel from 4.10 version and prior 4.14.240 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.240
  Linux Kernel from 4.15 version and prior 4.19.198 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.198
  Linux Kernel from 4.20 version and prior 5.4.134 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.4.134
  Linux Kernel from 5.5 version and prior 5.10.52 version cpe:2.3:o:linux:linux_kernel >= 5.5 < 5.10.52
  Linux Kernel from 5.11 version and prior 5.12.19 version cpe:2.3:o:linux:linux_kernel >= 5.11 < 5.12.19
  Linux Kernel from 5.13 version and prior 5.13.4 version cpe:2.3:o:linux:linux_kernel >= 5.13 < 5.13.4

Configuration #2

AND
    CPE23 From Up To
OR  
  Netapp Hci Bootstrap Os cpe:2.3:o:netapp:hci_bootstrap_os:-
OR  
  Running on/with
  Netapp Hci Compute Node cpe:2.3:h:netapp:hci_compute_node:-

Configuration #3

    CPE23 From Up To
  Netapp Hci Management Node cpe:2.3:a:netapp:hci_management_node:-
  Netapp Solidfire cpe:2.3:a:netapp:solidfire:-

Configuration #4

AND
    CPE23 From Up To
OR  
  Netapp Hci Storage Node cpe:2.3:h:netapp:hci_storage_node:-
OR  
  Running on/with
  Netapp Element Software cpe:2.3:a:netapp:element_software:-

Configuration #5

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0