CVE-2021-47352

HIGH

Linux Kernel < 5.4.293 - Out-of-bounds Write via Untrusted Virtio-Net Used Length

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss.

Scores

CVSS v3 7.8
EPSS 0.0026
EPSS Percentile 17.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-787
Status published
Products (13)
Linux/Linux < 4.11
Linux/Linux 4.11
Linux/Linux 5.10.51 - 5.10.*
Linux/Linux 5.12.18 - 5.12.*
Linux/Linux 5.13.3 - 5.13.*
Linux/Linux 5.14
Linux/Linux 5.4.293 - 5.4.*
Linux/Linux f6b10209b90d48a84f886ab2b317b5d2cbfe3143 - 3133e01514c3c498f2b01ff210ee6134b70c663c
Linux/Linux f6b10209b90d48a84f886ab2b317b5d2cbfe3143 - ad993a95c508417acdeb15244109e009e50d8758
Linux/Linux f6b10209b90d48a84f886ab2b317b5d2cbfe3143 - ba710baa1cc1b17a0483f7befe03e696efd17292
... and 3 more
Published May 21, 2024
Tracked Since Feb 18, 2026