CVE-2021-38160

Summary

CVE	CVE-2021-38160
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-07 04:15:00 UTC
Updated	2023-11-07 03:37:00 UTC
Description	DISPUTED In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.

Risk And Classification

Problem Types: CWE-120

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Netapp	Element Software	-	All	All	All
Operating System	Netapp	Hci Bootstrap Os	-	All	All	All
Hardware	Netapp	Hci Compute Node	-	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Hardware	Netapp	Hci Storage Node	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

References

Reference	Source	Link	Tags
August 2021 Linux Kernel 5.13.4 Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4	MISC	cdn.kernel.org
[SECURITY] [DLA 2785-1] linux-4.19 security update	MLIST	lists.debian.org
Debian -- Security Information -- DSA-4978-1 linux	DEBIAN	www.debian.org
[SECURITY] [DLA 2843-1] linux security update	MLIST	lists.debian.org
virtio_console: Assure used length from device is limited · torvalds/linux@d00d8da · GitHub	MISC	github.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159402 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9458)
159403 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9459)
159404 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9460)
159424 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9485)
159427 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9488)
178809 Debian Security Update for linux (DSA 4978-1)
178844 Debian Security Update for linux-4.19 (DLA 2785-1)
178943 Debian Security Update for linux (DLA 2843-1)
180271 Debian Security Update for linux (CVE-2021-38160)
198497 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5073-1)
198506 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5073-2)
198507 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5073-3)
198514 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5091-1)
198515 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5092-1)
198521 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5091-2)
198523 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5092-2)
198524 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5096-1)
198533 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5106-1)
353097 Amazon Linux Security Advisory for kernel : ALAC2012-2021-033
353098 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2021-034
353099 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2021-035
353145 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-006
353156 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-004
390248 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2021-0035)
610418 Google Pixel Android June 2022 Security Patch Missing
610422 Google Android July 2022 Security Patch Missing for Huawei EMUI
671051 EulerOS Security Update for kernel (EulerOS-SA-2021-2663)
671134 EulerOS Security Update for kernel (EulerOS-SA-2021-2688)
671135 EulerOS Security Update for kernel (EulerOS-SA-2021-2636)
671137 EulerOS Security Update for kernel (EulerOS-SA-2021-2713)
671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
751137 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1271-1)
751155 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3192-1)
751160 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3179-1)
751163 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3206-1)
751170 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3205-1)
751238 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:3459-1)
751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
900294 CBL-Mariner Linux Security Update for kernel 5.10.52.1
900304 CBL-Mariner Linux Security Update for kernel 5.10.57.1
900319 CBL-Mariner Linux Security Update for kernel 5.10.60.1
901021 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6580-1)
902942 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5155)
905790 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (5155-1)