CVE Vulnerabilities

CVE-2021-38575

Buffer Underwrite ('Buffer Underflow')

Published: Dec 01, 2021 | Modified: Nov 21, 2024
CVSS 3.x: 8.1 HIGH
Source: NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3: 8.1 IMPORTANT
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

Weakness

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer.

Affected Software

Name | Vendor | Start Version | End Version
Edk2 | Tianocore | * | 202105 (including)
Edk2 | Ubuntu | bionic | *
Edk2 | Ubuntu | esm-apps/bionic | *
Edk2 | Ubuntu | esm-apps/xenial | *
Edk2 | Ubuntu | focal | *
Edk2 | Ubuntu | hirsute | *
Edk2 | Ubuntu | trusty | *
Edk2 | Ubuntu | upstream | *
Edk2 | Ubuntu | xenial | *
Red Hat Enterprise Linux 8 | RedHat | edk2-0:20200602gitca407c7246bf-4.el8_4.2 | *
Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | edk2-0:20190308git89910a39dcfd-6.el8_1.1 | *
Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | edk2-0:20190829git37eef91017ad-9.el8_2.1 | *
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | redhat-virtualization-host-0:4.4.7-20210804.0.el8_4 | *