CVE-2021-47352

Summary

In the Linux kernel, the following vulnerability has been resolved:

virtio-net: Add validation for used length

This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf6b10209b90d48a84f886ab2b317b5d2cbfe3143 < c1b40d1959517ff2ea473d40eeab4691d6d62462affected
LinuxLinuxf6b10209b90d48a84f886ab2b317b5d2cbfe3143 < c92298d228f61589dd21657af2bea95fc866b813affected
LinuxLinuxf6b10209b90d48a84f886ab2b317b5d2cbfe3143 < 3133e01514c3c498f2b01ff210ee6134b70c663caffected
LinuxLinuxf6b10209b90d48a84f886ab2b317b5d2cbfe3143 < ba710baa1cc1b17a0483f7befe03e696efd17292affected
LinuxLinuxf6b10209b90d48a84f886ab2b317b5d2cbfe3143 < ad993a95c508417acdeb15244109e009e50d8758affected
LinuxLinux4.11affected
LinuxLinux0 < 4.11unaffected
LinuxLinux5.4.293 <= 5.4.*unaffected
LinuxLinux5.10.51 <= 5.10.*unaffected
LinuxLinux5.12.18 <= 5.12.*unaffected
LinuxLinux5.13.3 <= 5.13.*unaffected
LinuxLinux5.14 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References