CVE-2021-47352

high

Published 2024-09-24 · Modified 2024-09-24

CVSS v3

—

VIR risk

8.0

Description

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact

OS	Version	Status	Fixed in
rocky	8	fixed
sles		affected
debian	bookworm	fixed	`5.14.6-1`
debian	bullseye	fixed	`5.10.70-1`
debian	forky	fixed	`5.14.6-1`
debian	sid	fixed	`5.14.6-1`
debian	trixie	fixed	`5.14.6-1`

References

https://errata.rockylinux.org/RLSA-2024:7000
https://errata.rockylinux.org/RLSA-2024:7001
https://www.suse.com/security/cve/CVE-2021-47352.html
https://security-tracker.debian.org/tracker/CVE-2021-47352
https://access.redhat.com/errata/RHSA-2024:7000
https://bugzilla.redhat.com/2258012
https://bugzilla.redhat.com/2258013
https://bugzilla.redhat.com/2260038
https://bugzilla.redhat.com/2265799
https://bugzilla.redhat.com/2265838
https://bugzilla.redhat.com/2266358
https://bugzilla.redhat.com/2266750
https://bugzilla.redhat.com/2267036
https://bugzilla.redhat.com/2267041
https://bugzilla.redhat.com/2267795
https://bugzilla.redhat.com/2267916
https://bugzilla.redhat.com/2267925
https://bugzilla.redhat.com/2268295
https://bugzilla.redhat.com/2270103
https://bugzilla.redhat.com/2271648
https://bugzilla.redhat.com/2271796
https://bugzilla.redhat.com/2272793
https://bugzilla.redhat.com/2273141
https://bugzilla.redhat.com/2273148
https://bugzilla.redhat.com/2273180

💬 Discuss CVE-2021-47352 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.