CVE-2021-38207Classic Buffer Overflow in Kernel

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents7 sources
Severity
7.5HIGHNVD
OSV7.8OSV6.5
EPSS
2.5%
top 14.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.10.78.1-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedAug 8
Latest updateMay 24

Description

drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel< 5.12.13
Debianlinux/linux_kernel< 5.10.46-1+3
debiandebian/linux< linux 5.10.46-1 (bookworm)

Patches

Patch: cdn.kernel.orgPatch: github.comPatch: cdn.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-j3wf-j468-mv27: drivers/net/ethernet/xilinx/ll_temac_main2022-05-24
OSV
linux-azure-5.8 vulnerabilities2021-10-21
OSV
linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities2021-09-08
OSV
CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main2021-08-08

📋Vendor Advisories

5
Ubuntu
Linux kernel (Azure) vulnerabilities2021-10-21
Ubuntu
Linux kernel vulnerabilities2021-09-08
Microsoft
drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 allows remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for ab2021-08-10
Red Hat
kernel: buffer overflow in drivers/net/ethernet/xilinx/ll_temac_main.c by sending heavy network traffic for about ten minutes2021-06-18
Debian
CVE-2021-38207: linux - drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before 5.12.13 a...2021
CVE-2021-38207 — Classic Buffer Overflow in Kernel | cvebase