In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
History
01 Apr 2022, 20:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4978 - Third Party Advisory |
25 Sep 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
21 Sep 2021, 16:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP/ - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210909-0001/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO/ - Mailing List, Third Party Advisory |
09 Sep 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Aug 2021, 16:04
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 4.6, v3 : 7.8 |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6 - Patch, Vendor Advisory | |
References | (MISC) https://lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu@gmail.com/ - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
CWE | CWE-787 CWE-190 |
07 Aug 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-07 18:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-38166
Mitre link : CVE-2021-38166
CVE.ORG link : CVE-2021-38166
Products Affected
debian
- debian_linux
fedoraproject
- fedora
linux
- linux_kernel