Vulnerability Description
An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 5.11.10 |
| Debian | Debian Linux | 9.0 |
References
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d886 (Patch, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html (Third Party Advisory)
FAQ
What is CVE-2021-29264?
CVE-2021-29264 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negati...
How severe is CVE-2021-29264?
CVE-2021-29264 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29264?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Debian Linux.