CVE-2021-38166 - log back

CVE-2021-38166 edited at 22 Aug 2021 10:51:02
Description
- In kernel/bpf/hashtab.c in the Linux kernel, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
+ In kernel/bpf/hashtab.c in the Linux kernel before version 5.13.12, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.12&id=ada7135e6d998030de0d166aa6a2438031f70fe3
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.60&id=e95620c3bdff83bdb15484e6ea7cc47af36fbc6d
CVE-2021-38166 edited at 08 Aug 2021 14:45:59
Description
- In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
+ In kernel/bpf/hashtab.c in the Linux kernel, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
CVE-2021-38166 edited at 07 Aug 2021 19:49:02
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
References
+ https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
CVE-2021-38166 created at 07 Aug 2021 19:47:09
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes