CVE-2021-3506Out-of-bounds Read in Kernel

CWE-125Out-of-bounds Read21 documents8 sources
Severity
7.1HIGHNVD
OSV7.8OSV3.5
EPSS
0.1%
top 66.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedApr 19
Latest updateNov 14

Description

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages11 packages

NVDlinux/linux_kernel< 5.12+1
Debianlinux/linux_kernel< 5.10.38-1+3
Ubuntulinux/linux_kernel< 4.15.0-173.182+2
CVEListV5linux/linux_kernelkernel 5.12.0-rc4

Also affects: Debian Linux 9.0

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

8
GHSA
GHSA-63rg-3wjj-wxhg: An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node2022-05-24
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-gcp, linux-gcp-4.15, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2022-03-22
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-03-22
OSV
linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi vulnerabilities2021-07-20
OSV
linux-kvm vulnerabilities2021-06-25

📋Vendor Advisories

12
CISA ICS
Siemens SCALANCE M-800 Family2024-11-14
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2021-07-20
Ubuntu
Linux kernel (KVM) vulnerabilities2021-06-25