Vulnerability Description
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.24, < 4.4.276 |
| Netapp | Hci Bootstrap Os | - |
| Netapp | Hci Compute Node | - |
| Netapp | Hci Management Node | - |
| Netapp | Solidfire | - |
| Netapp | Hci Storage Node | - |
| Netapp | Element Software | - |
| Debian | Debian Linux | 9.0 |
| Redhat | Enterprise Linux | 8.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/cve-2021-38160Third Party Advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Release NotesVendor Advisory
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a4PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4978Third Party Advisory
- https://access.redhat.com/security/cve/cve-2021-38160Third Party Advisory
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4Release NotesVendor Advisory
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a4PatchThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.htmlThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20210902-0010/Third Party Advisory
- https://www.debian.org/security/2021/dsa-4978Third Party Advisory
FAQ
What is CVE-2021-38160?
CVE-2021-38160 is a vulnerability with a CVSS score of 7.8 (HIGH). In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the ...
How severe is CVE-2021-38160?
CVE-2021-38160 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-38160?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Netapp Hci Bootstrap Os, Netapp Hci Compute Node, Netapp Hci Management Node, Netapp Solidfire.