Unrated severityNVD Advisory· Published Aug 7, 2021· Updated Aug 4, 2024
CVE-2021-38166
CVE-2021-38166
Description
In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
41- Linux/Linux kerneldescription
- Range: <=5.13.8
- osv-coords39 versionspkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-preempt&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP3pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
< 5.3.18-59.24.1+ 38 more
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-38.22.2
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1.18.12.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-38.22.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.14.6-1.4
- (no CPE)range: < 5.3.18-38.22.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-38.22.2
- (no CPE)range: < 5.3.18-59.24.1.18.12.1
- (no CPE)range: < 5.3.18-59.24.1.18.12.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 1-7.5.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-38.22.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-38.22.1
- (no CPE)range: < 5.3.18-59.24.1
- (no CPE)range: < 5.3.18-59.24.1
Patches
Vulnerability mechanics
References
6- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUVLBJKZMWA3E3YXSH4SZ7BOYGJP4GXP/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UL6CH5M5PRLMA3KPBX4LPUO6Z73GRISO/mitrevendor-advisoryx_refsource_FEDORA
- www.debian.org/security/2021/dsa-4978mitrevendor-advisoryx_refsource_DEBIAN
- git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/mitrex_refsource_MISC
- lore.kernel.org/bpf/20210806150419.109658-1-th.yasumatsu%40gmail.com/mitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20210909-0001/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.