~/cve/CVE-2021-38575

pipeline liveDigest Docs

CVE-2021-38575

published 2021-12-01

CVE-2021-38575: NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

high8.1CVSS 3.1

AVNACHPRNUINSUCHIHAH

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

Affected

18 ranges

Vendor	Product	Version range	Fixed in
debian	edk2	< edk2 2021.08-1 (bookworm)	edk2 2021.08-1 (bookworm)
insyde	kernel	—	—
insyde	kernel	—	—
insyde	kernel	—	—
insyde	kernel	—	—
insyde	kernel	—	—
insyde	kernel	—	—
tianocore	edk2	<= 202105	—
tianocore	edk2	>= 0 < 2020.11-2+deb11u3	2020.11-2+deb11u3
tianocore	edk2	>= 0 < 2021.08-1	2021.08-1
tianocore	edk2	>= 0 < 2021.08-1	2021.08-1
tianocore	edk2	>= 0 < 2021.08-1	2021.08-1
tianocore	edk2	>= 0 < 0~20191122.bd85bf54-2ubuntu3.3	0~20191122.bd85bf54-2ubuntu3.3
tianocore	edk2	>= 0 < 0~20191122.bd85bf54-2ubuntu3.6	0~20191122.bd85bf54-2ubuntu3.6
tianocore	edk2	>= 0 < 2022.02-3ubuntu0.22.04.3	2022.02-3ubuntu0.22.04.3
tianocore	edk2	>= 0 < 0~20160408.ffea0a2c-2ubuntu0.2+esm3	0~20160408.ffea0a2c-2ubuntu0.2+esm3
tianocore	edk2	>= 0 < 0~20180205.c0d9813c-2ubuntu0.3+esm2	0~20180205.c0d9813c-2ubuntu0.3+esm2
tianocore	edk_ii	unspecified – edk2-stable202105	—

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

osv8.1HIGH