CVE-2021-31916

Updated: 2022-09-27 18:05:27.553652

Description:

An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bounds check failure allows an attacker with special user privilege (CAP_SYS_ADMIN) to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

Version           Severity  Score
CVSS Version 2.x  MEDIUM    6.1
CVSS Version 3.x  MEDIUM    6.7

Status

OS name             Project name  Version          Score  Severity  Status    Errata                Last updated
CentOS 6 ELS        kernel        2.6.32           6.7    MEDIUM    Released  CLSA-2022:1650377052  2022-05-04 13:12:08
CentOS 8.4 ELS      kernel        4.18.0-305.25.1  6.7    MEDIUM    Released  CLSA-2022:1651145959  2022-04-28 16:00:02
CentOS 8.5 ELS      kernel        4.18.0-348.7.1   6.7    MEDIUM    Ignored                         2022-02-21 05:39:39
CloudLinux 6 ELS    kernel        2.6.32           6.7    MEDIUM    Ignored                         2022-01-27 11:20:18
Oracle Linux 6 ELS  kernel        2.6.32           6.7    MEDIUM    Released  CLSA-2022:1669850228  2022-11-30 19:57:57
Ubuntu 16.04 ELS    linux         4.4.0            6.7    MEDIUM    Released                        2022-01-01 14:13:59
Ubuntu 16.04 ELS    linux-hwe     4.15.0           6.7    MEDIUM    Ignored                         2022-09-28 08:02:28

Statement

Will not fix: low score