In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size. NOTE: the vendor indicates that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior
AI analysis not yet available
Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| linux | linux_kernel | 2.6.24 - 4.4.276 | - |
| linux | linux_kernel | 4.5 - 4.9.276 | - |
| linux | linux_kernel | 4.10 - 4.14.240 |
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
15
Affected Products
14
References
linux / linux_kernel
| - |
| linux | linux_kernel | 4.15 - 4.19.198 | - |
| linux | linux_kernel | 4.20 - 5.4.134 | - |
| linux | linux_kernel | 5.5 - 5.10.52 | - |
| linux | linux_kernel | 5.11 - 5.12.19 | - |
| linux | linux_kernel | 5.13 - 5.13.4 | - |
| netapp | hci_bootstrap_os | - | - |
| netapp | hci_management_node | - | - |
| netapp | solidfire | - | - |
| netapp | element_software | - | - |
| debian | debian_linux | - | - |
| debian | debian_linux | - | - |
| redhat | enterprise_linux | - | - |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability
Impact