7.8

CVE-2021-37576

Exploit
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.10 < 4.4.277
LinuxLinux Kernel Version >= 4.5 < 4.9.277
LinuxLinux Kernel Version >= 4.10 < 4.14.241
LinuxLinux Kernel Version >= 4.15 < 4.19.199
LinuxLinux Kernel Version >= 4.20 < 5.4.136
LinuxLinux Kernel Version >= 5.5 < 5.10.54
LinuxLinux Kernel Version >= 5.11 < 5.13.6
FedoraprojectFedora Version33
FedoraprojectFedora Version34
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.428
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.debian.org/security/2021/dsa-4978
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/07/27/2
Patch
Third Party Advisory
Exploit
Mailing List
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDFA7DSQIPM7XPNXJBXFWXHJFVUBCAG6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2YZ2DNURMYYVDT2NYAFDESJC35KCUDS/
https://lore.kernel.org/linuxppc-dev/87im0x1lqi.fsf%40mpe.ellerman.id.au/T/#u
https://security.netapp.com/advisory/ntap-20210917-0005/
Third Party Advisory