{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2021-47352", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-21T14:28:16.985Z", "datePublished": "2024-05-21T14:35:56.473Z", "dateUpdated": "2025-12-18T11:37:05.837Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-18T11:37:05.837Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/virtio_net.c"], "versions": [{"version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "c1b40d1959517ff2ea473d40eeab4691d6d62462", "status": "affected", "versionType": "git"}, {"version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "c92298d228f61589dd21657af2bea95fc866b813", "status": "affected", "versionType": "git"}, {"version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "3133e01514c3c498f2b01ff210ee6134b70c663c", "status": "affected", "versionType": "git"}, {"version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "ba710baa1cc1b17a0483f7befe03e696efd17292", "status": "affected", "versionType": "git"}, {"version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "ad993a95c508417acdeb15244109e009e50d8758", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/virtio_net.c"], "versions": [{"version": "4.11", "status": "affected"}, {"version": "0", "lessThan": "4.11", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.293", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.51", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.12.18", "lessThanOrEqual": "5.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.13.3", "lessThanOrEqual": "5.13.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.14", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.4.293"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.10.51"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.12.18"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.13.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.11", "versionEndExcluding": "5.14"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462"}, {"url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813"}, {"url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c"}, {"url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292"}, {"url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758"}], "title": "virtio-net: Add validation for used length", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.505Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47352", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:39.694535Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:48.464Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T05:32:08.505Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-47352", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T15:38:39.694535Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.851Z"}}], "cna": {"title": "virtio-net: Add validation for used length", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "c1b40d1959517ff2ea473d40eeab4691d6d62462", "versionType": "git"}, {"status": "affected", "version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "c92298d228f61589dd21657af2bea95fc866b813", "versionType": "git"}, {"status": "affected", "version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "3133e01514c3c498f2b01ff210ee6134b70c663c", "versionType": "git"}, {"status": "affected", "version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "ba710baa1cc1b17a0483f7befe03e696efd17292", "versionType": "git"}, {"status": "affected", "version": "f6b10209b90d48a84f886ab2b317b5d2cbfe3143", "lessThan": "ad993a95c508417acdeb15244109e009e50d8758", "versionType": "git"}], "programFiles": ["drivers/net/virtio_net.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "4.11"}, {"status": "unaffected", "version": "0", "lessThan": "4.11", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.293", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.51", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.12.18", "versionType": "semver", "lessThanOrEqual": "5.12.*"}, {"status": "unaffected", "version": "5.13.3", "versionType": "semver", "lessThanOrEqual": "5.13.*"}, {"status": "unaffected", "version": "5.14", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/virtio_net.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462"}, {"url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813"}, {"url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c"}, {"url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292"}, {"url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.4.293", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.51", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.12.18", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.13.3", "versionStartIncluding": "4.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.14", "versionStartIncluding": "4.11"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-12-18T11:37:05.837Z"}}}, "cveMetadata": {"cveId": "CVE-2021-47352", "state": "PUBLISHED", "dateUpdated": "2025-12-18T11:37:05.837Z", "dateReserved": "2024-05-21T14:28:16.985Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-21T14:35:56.473Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "389EB980-4648-446E-A0DC-5FB0265E0F02", "versionEndExcluding": "5.4.293", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "93289127-DFB3-4515-89DD-50521FF8B7FF", "versionEndExcluding": "5.10.51", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "79D13C82-E06F-4A70-A3D1-C09494FBC94D", "versionEndExcluding": "5.12.18", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "853187F6-707A-487B-95C0-621B5211B43C", "versionEndExcluding": "5.13.3", "versionStartIncluding": "5.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-net: Add validation for used length\n\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss."}, {"lang": "es", "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: virtio-net: Agregar validaci\u00f3n para la longitud utilizada. Esto agrega validaci\u00f3n para la longitud utilizada (puede provenir de un dispositivo que no es de confianza) para evitar la corrupci\u00f3n o p\u00e9rdida de datos."}], "id": "CVE-2021-47352", "lastModified": "2025-11-14T17:22:04.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-21T15:15:21.620", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c1b40d1959517ff2ea473d40eeab4691d6d62462"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3133e01514c3c498f2b01ff210ee6134b70c663c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ad993a95c508417acdeb15244109e009e50d8758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ba710baa1cc1b17a0483f7befe03e696efd17292"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/c92298d228f61589dd21657af2bea95fc866b813"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7001", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:7000", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.22.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-09-24T00:00:00Z"}, {"advisory": "RHSA-2024:6753", "cpe": "cpe:/o:redhat:rhel_aus:8.6", "package": "kernel-0:4.18.0-372.123.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6753", "cpe": "cpe:/o:redhat:rhel_tus:8.6", "package": "kernel-0:4.18.0-372.123.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6753", "cpe": "cpe:/o:redhat:rhel_e4s:8.6", "package": "kernel-0:4.18.0-372.123.1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6993", "cpe": "cpe:/o:redhat:rhel_eus:8.8", "package": "kernel-0:4.18.0-477.74.1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-09-24T00:00:00Z"}], "bugzilla": {"description": "kernel: virtio-net: Add validation for used length", "id": "2282401", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2282401"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nvirtio-net: Add validation for used length\nThis adds validation for used length (might come\nfrom an untrusted device) to avoid data corruption\nor loss.", "A vulnerability was found in the Linux kernel\u2019s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-47352", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-47352\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47352\nhttps://lore.kernel.org/linux-cve-announce/2024052141-CVE-2021-47352-df50@gregkh/T"], "statement": "This vulnerability is rated as a moderate severity because it involves potential data corruption or loss, but requires exploitation through specific conditions involving untrusted devices and does not directly impact system confidentiality or integrity, but can lead to significant system disruptions.", "threat_severity": "Moderate"}

{}