CVE-2021-38166 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Arbitrary code execution
Description	In kernel/bpf/hashtab.c in the Linux kernel before version 5.13.12, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.

Group	Package	Affected	Fixed	Severity	Status
AVG-2297	linux-lts	5.10.56-1	5.10.60-1	Medium	Fixed
AVG-2296	linux-zen	5.13.10.zen1-1	5.13.12.zen1-1	Medium	Fixed
AVG-2295	linux	5.13.10.arch1-1	5.13.12.arch1-1	Medium	Fixed
AVG-2234	linux-hardened	5.12.19.hardened1-1	5.13.13.hardened1-1	Medium	Fixed

References
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=ada7135e6d998030de0d166aa6a2438031f70fe3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=e95620c3bdff83bdb15484e6ea7cc47af36fbc6d

References

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=ada7135e6d998030de0d166aa6a2438031f70fe3
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=e95620c3bdff83bdb15484e6ea7cc47af36fbc6d