发布于3月6日3月6日 Members Oracle Linux: CVE-2021-47352: ELSA-2024-7000:kernel security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 05/21/2024 Created 10/18/2024 Added 10/16/2024 Modified 12/10/2024 Description In the Linux kernel, the following vulnerability has been resolved: virtio-net: Add validation for used length This adds validation for used length (might come from an untrusted device) to avoid data corruption or loss. A vulnerability was found in the Linux kernel’s virtio-net driver, where the system does not properly validate the length of data provided by an untrusted device. This lack of validation could lead to data corruption if the length of the data is incorrect or maliciously crafted. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2021-47352 CVE - 2021-47352 ELSA-2024-7000
