CVE-2021-38160
Published: 2021-08-07
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | linux | < linux 5.14.6-1 (bookworm) | linux 5.14.6-1 (bookworm) |
| linux | linux_kernel | >= 0 < 5.10.46-5 | 5.10.46-5 |
| linux | linux_kernel | >= 0 < 5.14.6-1 | 5.14.6-1 |
| linux | linux_kernel | >= 0 < 5.14.6-1 | 5.14.6-1 |
| linux | linux_kernel | >= 0 < 5.14.6-1 | 5.14.6-1 |
| linux | linux_kernel | >= 0 < 4.15.0-156.163 | 4.15.0-156.163 |
| linux | linux_kernel | >= 0 < 5.4.0-88.99 | 5.4.0-88.99 |
| linux | linux_kernel | >= 0 < 4.4.0-222.255 | 4.4.0-222.255 |
| linux | linux_kernel | >= 2.6.24 < 4.4.276 | 4.4.276 |
| linux | linux_kernel | >= 4.10 < 4.14.240 | 4.14.240 |
| linux | linux_kernel | >= 4.15 < 4.19.198 | 4.19.198 |
| linux | linux_kernel | >= 4.20 < 5.4.134 | 5.4.134 |
| linux | linux_kernel | >= 4.5 < 4.9.276 | 4.9.276 |
| linux | linux_kernel | >= 5.11 < 5.12.19 | 5.12.19 |
| linux | linux_kernel | >= 5.13 < 5.13.4 | 5.13.4 |
| linux | linux_kernel | >= 5.5 < 5.10.52 | 5.10.52 |
| msrc | cbl2_kernel_5.10.78.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_kernel_5.10.60.1-1_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd: v3.1, 7.8 HIGH, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv: 7.8 HIGH
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2022-03-22·CVSS 7.8
CVE-2020-25673 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly us
Ubuntu
Linux kernel (Azure) regression
vendor_ubuntu·2021-10-18·CVSS 4.7
[MEDIUM] Linux kernel (Azure) regression
Title: Linux kernel (Azure) regression
Summary: USN-5092-2 introduced a regression in the Linux kernel for Microsoft
Azure cloud systems.
USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels.
Unfortunately, for Linux kernels intended for use within Microsoft
Azure environments, that update introduced a regression that could
cause the kernel to fail to boot in large Azure instance types.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in th
Ubuntu
Linux kernel (Azure) regression
vendor_ubuntu·2021-10-15·CVSS 4.7
[MEDIUM] Linux kernel (Azure) regression
Title: Linux kernel (Azure) regression
Summary: USN-5091-1 introduced a regression in the Linux kernel for Microsoft
Azure cloud systems.
USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels.
Unfortunately, for Linux kernels intended for use within Microsoft
Azure environments, that update introduced a regression that could
cause the kernel to fail to boot in large Azure instance types.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discov
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2021-10-06·CVSS 6.5
CVE-2021-22543 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
It was discovered that the Linux kernel did not properly enforce certain
types of entries in the Secure Boot Forbidden Signature Database (aka dbx)
protection mechanism. An attacker could use this to bypass UEFI Secure Boot
restrictions. (CVE-2020-26541)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly perform reference counting in some situations,
leading to a use-after-free vulnerability. An attacker who could start and
control a VM could po
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2021-09-30·CVSS 4.7
CVE-2021-3679 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)
It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cau
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-09-29·CVSS 4.7
CVE-2021-41073 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel
did not properly protect against Speculative Store Bypass (SSB) side-
channel attacks in some situations. A local attacker could possib
Ubuntu
Linux kernel (OEM) vulnerabilities
vendor_ubuntu·2021-09-29·CVSS 5.5
CVE-2021-38204 [MEDIUM] Linux kernel (OEM) vulnerabilities
Title: Linux kernel (OEM) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel
did not properly protect against Speculative Store Bypass (SSB) side-
channel attacks in some situations. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-34556)
Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not
properly protect against Speculative Store Bypass (SSB) side-channel
attacks in some situations. A local attacker could possibly use this to
expos
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-09-28·CVSS 4.7
CVE-2021-38160 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)
Alexey Kardashevskiy discovered that the KVM implementation for PowerPC
systems in the Linux kernel did not properly validate RTAS arguments in
some situations. An attacker in a guest vm could use th
Ubuntu
Linux kernel (Raspberry Pi) vulnerabilities
vendor_ubuntu·2021-09-22·CVSS 5.5
CVE-2021-38160 [MEDIUM] Linux kernel (Raspberry Pi) vulnerabilities
Title: Linux kernel (Raspberry Pi) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)
Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)
It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input
Ubuntu
Linux kernel (GCP) vulnerabilities
vendor_ubuntu·2021-09-17·CVSS 5.5
CVE-2021-38160 [MEDIUM] Linux kernel (GCP) vulnerabilities
Title: Linux kernel (GCP) vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host's physical
memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host's physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementati
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2021-09-09·CVSS 5.5
CVE-2021-3612 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host's physical
memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host's physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in
Microsoft
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4 data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the v
vendor_msrc·2021-08-10·CVSS 7.8
CVE-2021-38160 [HIGH] CWE-120 In drivers/char/virtio_console.c in the Linux kernel before 5.13.4 data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the v
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4 data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to t
Red Hat
kernel: data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c
vendor_redhat·2021-07-03·CVSS 7.8
CVE-2021-38160 [HIGH] CWE-1284 kernel: data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c
kernel: data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
This CVE is being DISPUTED (*) by Red Hat with a note that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior.
(*) https://
Debian
CVE-2021-38160: linux - In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corrupt...
vendor_debian·2021·CVSS 7.8
CVE-2021-38160 [HIGH] CVE-2021-38160: linux - In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corrupt...
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
Scope: local
bookworm: resolved (fixed in 5.14.6-1)
bullseye: resolved (fixed in 5.10.46-5)
forky: resolved (fixed in 5.14.6-1)
sid: resolved (fixed in 5.14.6-1)
trixie: resolved (fixed in 5.14.6-1)
OSV
CVE-2021-38160: In get_inbuf and control_work_handler of virtio_console
osv·2022-06-01
CVE-2021-38160 CVE-2021-38160: In get_inbuf and control_work_handler of virtio_console
In get_inbuf and control_work_handler of virtio_console.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
GHSA
GHSA-fjw9-4q3j-vpq4: In drivers/char/virtio_console
ghsa_unreviewed·2022-05-24
CVE-2021-38160 [HIGH] CWE-120 GHSA-fjw9-4q3j-vpq4: In drivers/char/virtio_console
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2022-03-22·CVSS 7.8
CVE-2022-0492 [HIGH] linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Yiqi Sun and Kevin Wang discovered that the cgroups implementation in the
Linux kernel did not properly restrict access to the cgroups v1
release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)
It was discovered that the aufs file system in the Linux kernel did not
properly restrict mount namespaces, when mounted with the non-default
allow_userns option set. A local attacker could use this to gain
administrative privileges. (CVE-2016-2853)
It was discovered that the aufs file system in the Linux kernel did not
properly maintain POSIX ACL xattr data, when mounted with the non-default
allow_userns option. A local attacker could possibly use this to gain
elevated privileges. (CVE
OSV
linux-azure, linux-azure-5.11 regression
osv·2021-10-18·CVSS 4.7
[MEDIUM] linux-azure, linux-azure-5.11 regression
linux-azure, linux-azure-5.11 regression
USN-5092-2 fixed vulnerabilities in Linux 5.11-based kernels.
Unfortunately, for Linux kernels intended for use within Microsoft
Azure environments, that update introduced a regression that could
cause the kernel to fail to boot in large Azure instance types.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channe
OSV
linux-azure, linux-azure-5.4 regression
osv·2021-10-15·CVSS 4.7
[MEDIUM] linux-azure, linux-azure-5.4 regression
linux-azure, linux-azure-5.4 regression
USN-5091-1 fixed vulnerabilities in Linux 5.4-based kernels.
Unfortunately, for Linux kernels intended for use within Microsoft
Azure environments, that update introduced a regression that could
cause the kernel to fail to boot in large Azure instance types.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buf
OSV
linux-oem-5.10 vulnerabilities
osv·2021-10-06·CVSS 6.5
CVE-2021-41073 [MEDIUM] linux-oem-5.10 vulnerabilities
linux-oem-5.10 vulnerabilities
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
It was discovered that the Linux kernel did not properly enforce certain
types of entries in the Secure Boot Forbidden Signature Database (aka dbx)
protection mechanism. An attacker could use this to bypass UEFI Secure Boot
restrictions. (CVE-2020-26541)
It was discovered that the KVM hypervisor implementation in the Linux
kernel did not properly perform reference counting in some situations,
leading to a use-after-free vulnerability. An attacker who could start and
control a VM could possibly use this to expose sensitive information or
execute arbitrary code. (C
OSV
linux-raspi, linux-raspi-5.4 vulnerabilities
osv·2021-09-30·CVSS 4.7
CVE-2021-33624 [MEDIUM] linux-raspi, linux-raspi-5.4 vulnerabilities
linux-raspi, linux-raspi-5.4 vulnerabilities
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)
It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2021-38160)
Michael Wakabay
OSV
linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11 vulnerabilities
osv·2021-09-29·CVSS 4.7
CVE-2021-41073 [MEDIUM] linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11 vulnerabilities
linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11 vulnerabilities
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel
did not properly protect against Speculative Store Bypass (SSB) side-
channel attacks in some situations. A local attacker could possibly use
this to expose
OSV
linux-oem-5.13 vulnerabilities
osv·2021-09-29·CVSS 5.5
CVE-2021-41073 [MEDIUM] linux-oem-5.13 vulnerabilities
linux-oem-5.13 vulnerabilities
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel
did not properly protect against Speculative Store Bypass (SSB) side-
channel attacks in some situations. A local attacker could possibly use
this to expose sensitive information. (CVE-2021-34556)
Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not
properly protect against Speculative Store Bypass (SSB) side-channel
attacks in some situations. A local attacker could possibly use this to
expose sensitive information. (CVE-2021-35477)
Murray McAllister discovered that
OSV
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.
osv·2021-09-28·CVSS 4.7
[MEDIUM] linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
It was discovered that the tracing subsystem in the Linux kernel did not
properly keep track of per-cpu ring buffer state. A privileged attacker
could use this to cause a denial of service. (CVE-2021-3679)
Alexey Kardashevskiy discovered that the KVM implementation for PowerPC
systems in
OSV
linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities
osv·2021-09-28·CVSS 4.7
CVE-2021-41073 [MEDIUM] linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities
linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities
Valentina Palmiotti discovered that the io_uring subsystem in the Linux
kernel could be coerced to free adjacent memory. A local attacker could use
this to execute arbitrary code. (CVE-2021-41073)
Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk
discovered that the BPF verifier in the Linux kernel missed possible
mispredicted branches due to type confusion, allowing a side-channel
attack. An attacker could use this to expose sensitive information.
(CVE-2021-33624)
Benedict Schlueter discovered that the BPF subsystem in the Linux kernel
did not properly protect against Speculative Store Bypass (SSB) side-
channel attacks in some situations. A local attacker could possibly u
OSV
linux-raspi2 vulnerabilities
osv·2021-09-22·CVSS 5.5
CVE-2021-34693 [MEDIUM] linux-raspi2 vulnerabilities
linux-raspi2 vulnerabilities
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some situations. A local attacker could use this to expose sensitive
information (kernel memory). (CVE-2021-34693)
Murray McAllister discovered that the joystick device interface in the
Linux kernel did not properly validate data passed via an ioctl(). A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code on systems with a joystick device
registered. (CVE-2021-3612)
It was discovered that the Virtio console implementation in the Linux
kernel did not properly validate input lengths in some situations. A local
attacker could possibly use this to cause a denial
OSV
linux-gcp, linux-gcp-4.15 vulnerabilities
osv·2021-09-17·CVSS 5.5
CVE-2021-3656 [MEDIUM] linux-gcp, linux-gcp-4.15 vulnerabilities
linux-gcp, linux-gcp-4.15 vulnerabilities
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host's physical
memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host's physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN broadcast manager (bcm) protocol
implementation in the Linux kernel did not properly initialize memory in
some
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
osv·2021-09-09·CVSS 5.5
CVE-2021-3656 [MEDIUM] linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-oracle, linux-snapdragon vulnerabilities
Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor
implementation for AMD processors in the Linux kernel allowed a guest VM to
disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a
guest VM could use this to read or write portions of the host's physical
memory. (CVE-2021-3656)
Maxim Levitsky discovered that the KVM hypervisor implementation for AMD
processors in the Linux kernel did not properly prevent a guest VM from
enabling AVIC in nested guest VMs. An attacker in a guest VM could use this
to write to portions of the host's physical memory. (CVE-2021-3653)
Norbert Slusarek discovered that the CAN bro
OSV
CVE-2021-38160: In drivers/char/virtio_console
osv·2021-08-07·CVSS 7.8
CVE-2021-38160 [HIGH] CVE-2021-38160: In drivers/char/virtio_console
In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
References
https://access.redhat.com/security/cve/cve-2021-38160
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
https://security.netapp.com/advisory/ntap-20210902-0010/
https://www.debian.org/security/2021/dsa-4978