CVE-2021-38201Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-787Out-of-bounds Write13 documents7 sources
Severity
7.5HIGHNVD
OSV5.5OSV4.7
EPSS
1.3%
top 20.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.10.78.1-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedAug 8
Latest updateMay 24

Description

net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel5.11.05.12.19+1
debiandebian/linux

Patches

Patch: cdn.kernel.orgPatch: github.comPatch: cdn.kernel.org

🔴Vulnerability Details

6
GHSA
GHSA-5w93-hr8w-rppx: net/sunrpc/xdr2022-05-24
OSV
linux-azure, linux-azure-5.11 regression2021-10-18
OSV
linux-hwe-5.11, linux-azure, linux-azure-5.11, linux-oracle-5.11 vulnerabilities2021-09-29
OSV
linux-oem-5.13 vulnerabilities2021-09-29
OSV
linux, linux-aws, linux-aws-5.11, linux-gcp, linux-kvm, linux-oracle, linux-raspi vulnerabilities2021-09-28

📋Vendor Advisories

6
Ubuntu
Linux kernel (Azure) regression2021-10-18
Ubuntu
Linux kernel vulnerabilities2021-09-29
Ubuntu
Linux kernel (OEM) vulnerabilities2021-09-29
Microsoft
net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attackers to cause a denial of service (xdr_set_page_base slab-out-of-bounds access) by performing many NFS 4.2 READ_PLUS operations.2021-08-10
Red Hat
kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c2021-06-13
CVE-2021-38201 — Linux Kernel vulnerability | cvebase