CVE-2021-31916
First published: Mon Mar 29 2021(Updated: )
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-348.rt7.130.el8 | 0:4.18.0-348.rt7.130.el8 |
| redhat/kernel | <0:4.18.0-348.el8 | 0:4.18.0-348.el8 |
| Linux Linux kernel | <5.12 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| redhat/Kernel | <5.12 | 5.12 |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.115-1 6.1.119-1 6.11.10-1 6.12.5-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-31916 https://nvd.nist.gov/vuln/detail/CVE-2021-31916 https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a https://seclists.org/oss-sec/2021/q1/268
- https://bugzilla.redhat.com/show_bug.cgi?id=1946965
- https://access.redhat.com/errata/RHSA-2021:4140
- https://access.redhat.com/errata/RHSA-2021:4356
- https://access.redhat.com/security/cve/cve-2021-31916
- https://github.com/torvalds/linux/commit/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
- https://seclists.org/oss-sec/2021/q1/268
- https://launchpad.net/bugs/cve/CVE-2021-31916
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1946966
- https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
- https://www.openwall.com/lists/oss-security/2021/03/28/1
- https://security-tracker.debian.org/tracker/CVE-2021-31916
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31916
- https://nvd.nist.gov/vuln/detail/CVE-2021-31916
- https://ubuntu.com/security/CVE-2021-31916
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-31916
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- collector/usn-cve
- source/Ubuntu
- agent/tags
- agent/description
- agent/event
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/debian