CVE-2021-38160
CVSS v3.1
7.8 (High)
CVSS v2.0
7.2 (High)
EPSS
0.04 % (15th)
Affected Products
9
Advisories
43
NVD Status
Analyzed
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Weaknesses
- CWE-120
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CVE Status
- PUBLISHED
- NVD Status
- Analyzed
- CNA
- MITRE
- Published Date
-
2021-08-07 04:15:06
(3 years ago) - Updated Date
-
2024-08-27 19:37:50
(2 weeks ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
AND |
|
---|
Configuration #3
|
Configuration #4
AND |
|
---|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...