CVE-2021-3501
Published 2021-05-06
High 7.1 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:H
A flaw was found in the Linux kernel in versions before 5.12. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at any time, which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 5.10.38-1 (bookworm) | linux 5.10.38-1 (bookworm) |
| fedoraproject | fedora | — | — |
| linux | linux_kernel | < 5.12 | 5.12 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 5.10.38-1 | 5.10.38-1 |
| linux | linux_kernel | >= 0 < 5.10.38-1 | 5.10.38-1 |
| linux | linux_kernel | >= 0 < 5.10.38-1 | 5.10.38-1 |
| linux | linux_kernel | >= 0 < 5.10.38-1 | 5.10.38-1 |
| msrc | cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0 | — | — |
| paloalto | pan-os | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_for_real_time | — | — |
| redhat | enterprise_linux_for_real_time_for_nfv | — | — |
| redhat | enterprise_linux_for_real_time_for_nfv_tus | — | — |
| redhat | enterprise_linux_for_real_time_tus | — | — |
| redhat | virtualization | — | — |
| redhat | virtualization_host | — | — |
CVSS provenance
nvd: v3.1, 7.1 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
osv: 7.1 HIGH