In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
| Link | Tags |
|---|---|
| https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46 | third party advisory patch |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4 | release notes vendor advisory |
| https://access.redhat.com/security/cve/cve-2021-38160 | third party advisory |
| https://security.netapp.com/advisory/ntap-20210902-0010/ | third party advisory |
| https://www.debian.org/security/2021/dsa-4978 | third party advisory vendor advisory |
| https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html | third party advisory mailing list |
| https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html | third party advisory mailing list |