In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2021-38160 | Third Party Advisory |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | Release Notes Vendor Advisory |
https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210902-0010/ | Third Party Advisory |
https://www.debian.org/security/2021/dsa-4978 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-07T03:31:12
Updated: 2021-12-17T00:06:39
Reserved: 2021-08-07T00:00:00
Link: CVE-2021-38160
JSON object: View
NVD Information
Status : Modified
Published: 2021-08-07T04:15:06.967
Modified: 2024-05-17T01:59:29.307
Link: CVE-2021-38160
JSON object: View
Redhat Information
No data.
CWE