Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2021-38575

Published: 14 September 2021

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

Priority

Medium

Cvss 3 Severity Score

8.1

Score breakdown

Status

Package Release Status
edk2
Launchpad, Ubuntu, Debian 		bionic Needs triage

focal
Released (0~20191122.bd85bf54-2ubuntu3.3)
hirsute
Released (2020.11-4ubuntu0.1)
impish Not vulnerable
(2021.08~rc0-2)
jammy Not vulnerable
(2021.08~rc0-2)
kinetic Not vulnerable
(2021.08~rc0-2)
trusty Does not exist

upstream
Released (2021.08-1)
xenial Needs triage

Patches:
upstream: https://github.com/tianocore/edk2/pull/1698
upstream: https://github.com/tianocore/edk2/commit/83761337ec91fbd459c55d7d956fcc25df3bfa50
upstream: https://github.com/tianocore/edk2/commit/29cab43bb7912a12efa5a78dac15394aee866e4c
upstream: https://github.com/tianocore/edk2/commit/95616b866187b00355042953efa5c198df07250f
upstream: https://github.com/tianocore/edk2/commit/e8f28b09e63dfdbb4169969a43c65f86c44b035a
upstream: https://github.com/tianocore/edk2/commit/cf01b2dc8fc3ff9cf49fb891af5703dc03e3193e
upstream: https://github.com/tianocore/edk2/commit/d90fff40cb2502b627370a77f5608c8a178c3f78
upstream: https://github.com/tianocore/edk2/commit/dc469f137110fe79704b8b92c552972c739bb915
upstream: https://github.com/tianocore/edk2/commit/47b76780b487dbfde4efb6843b16064c4a97e94d
upstream: https://github.com/tianocore/edk2/commit/54e90edaed0d7c15230902ac4d74f4304bad2ebd
upstream: https://github.com/tianocore/edk2/commit/b8649cf2a3e673a4a8cb6c255e394b354b771550

Severity score breakdown

Parameter Value
Base score 8.1
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading