CVE-2021-47352

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c	Patch
https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758	Patch
https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292	Patch
https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462	Patch
https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813	Patch
https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c	Patch
https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758	Patch
https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292	Patch
https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

12 May 2025, 19:54

Type	Values Removed	Values Added
First Time		Linux linux Kernel Linux
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CWE		CWE-787
CPE		cpe:2.3:o:linux:linux_kernel::::::::
References	~~() https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c -~~	() https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c - Patch
References	~~() https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 -~~	() https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 - Patch
References	~~() https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 -~~	() https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 - Patch
References	~~() https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462 -~~	() https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462 - Patch
References	~~() https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 -~~	() https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 - Patch

02 May 2025, 07:15

Type	Values Removed	Values Added
References		() https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462 -

21 Nov 2024, 06:35

Type	Values Removed	Values Added
References	~~() https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c -~~	() https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c -
References	~~() https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 -~~	() https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758 -
References	~~() https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 -~~	() https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292 -
References	~~() https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 -~~	() https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813 -
Summary		(es) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio-net: Agregar validación para la longitud utilizada. Esto agrega validación para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupción o pérdida de datos.

21 May 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 15:15

Updated : 2025-05-12 19:54

NVD link : CVE-2021-47352

Mitre link : CVE-2021-47352

CVE.ORG link : CVE-2021-47352

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-787

Out-of-bounds Write

7.8 /10