Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2021-3501

Related Vulnerabilities: CVE-2021-3501  

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.

Source

Description

A flaw was found in the Linux kernel. The value of internal.ndata, in the KVM API, is mapped to an array index, which can be updated by a user process at anytime which could lead to an out-of-bounds write. The highest threat from this vulnerability is to data integrity and system availability.

Statement

This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.4.0 and onward kernel version.

This issue affected Linux kernel versions as shipped with Red Hat Enterprise Linux 8 starting with RHEL-8.4.0 and onward kernel version.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional Information

  • Bugzilla 1950136: CVE-2021-3501 kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run
  • CWE-787: Out-of-bounds Write
  • FAQ: Frequently asked questions about CVE-2021-3501

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started