CVE-2021-38160

Updated: 2024-11-30 03:43:56.963663

Description:

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.2
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2021:1632262296 2022-05-05 12:01:33
CentOS 7 ELS kernel 3.10.0 7.8 HIGH Released CLSA-2024:1720468480 2024-07-23 17:33:42
CentOS 8.4 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2022:1651145959 2022-04-28 15:59:37
CentOS 8.5 ELS kernel 4.18.0 7.8 HIGH Released CLSA-2022:1651146021 2022-04-28 15:59:03
CloudLinux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2023:1687202317 2024-04-09 11:34:59
Oracle Linux 6 ELS kernel 2.6.32 7.8 HIGH Released CLSA-2022:1669850228 2022-11-30 19:57:45
Ubuntu 16.04 ELS linux 4.4.0 7.8 HIGH Released 2022-01-01 14:14:03
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.8 HIGH Already Fixed 2022-10-05 03:14:59
Ubuntu 18.04 ELS linux 4.15.0 7.8 HIGH Already Fixed 2023-06-02 09:10:38