7.8

CVE-2021-42008

Exploit
The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.12 < 4.4.282
LinuxLinux Kernel Version >= 4.5 < 4.9.281
LinuxLinux Kernel Version >= 4.10 < 4.14.245
LinuxLinux Kernel Version >= 4.15 < 4.19.205
LinuxLinux Kernel Version >= 4.20 < 5.4.143
LinuxLinux Kernel Version >= 5.5 < 5.10.61
LinuxLinux Kernel Version >= 5.11 < 5.13.13
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.48% 0.706
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Third Party Advisory
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13
Vendor Advisory
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20211104-0002/
Third Party Advisory
https://www.youtube.com/watch?v=d5f9xLK8Vhw
Third Party Advisory
Exploit