CVE-2021-38166

Severity: Medium
Remote: No
Type: Arbitrary code execution
Description
In kernel/bpf/hashtab.c in the Linux kernel before version 5.13.12, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
Group     Package         Affected             Fixed                Severity  Status  Ticket
AVG-2297  linux-lts       5.10.56-1            5.10.60-1            Medium    Fixed
AVG-2296  linux-zen       5.13.10.zen1-1       5.13.12.zen1-1       Medium    Fixed
AVG-2295  linux           5.13.10.arch1-1      5.13.12.arch1-1      Medium    Fixed
AVG-2234  linux-hardened  5.12.19.hardened1-1  5.13.13.hardened1-1  Medium    Fixed
References
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=ada7135e6d998030de0d166aa6a2438031f70fe3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=e95620c3bdff83bdb15484e6ea7cc47af36fbc6d