CVE-2021-38160
📋 TL;DR
This vulnerability in the Linux kernel's virtio_console driver allows an untrusted virtual device to supply a buffer length value exceeding the actual buffer size, potentially causing data corruption or loss. It affects Linux systems using virtio_console with untrusted virtual devices. The vendor notes that the length validation was added for robustness rather than to fix an existing vulnerability.
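The length handling described above, as a userspace model added here for illustration; it is not the kernel's code, and the struct, function names and sizes are assumptions of this example. It puts a consumer that trusts the device-reported length next to one that limits it to the buffer's capacity.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Model of a receive buffer the driver lent to the device (hypothetical names). */
struct port_buffer {
    char   data[BUF_SIZE];
    size_t size;   /* real capacity of data[] */
    size_t len;    /* bytes the driver will treat as valid */
};

/* Unchecked: the device-reported length is stored as-is. */
static void accept_unchecked(struct port_buffer *b, size_t reported)
{
    b->len = reported;
}

/* Checked: the reported length is limited to the buffer's capacity. */
static void accept_checked(struct port_buffer *b, size_t reported)
{
    b->len = reported < b->size ? reported : b->size;
}

/* Console-style read. Returns bytes copied, or (size_t)-1 where the copy
 * would run past data[]; the model refuses so it stays safe to run. */
static size_t read_out(const struct port_buffer *b, char *dst, size_t cap)
{
    size_t n = b->len < cap ? b->len : cap;
    if (n > b->size)
        return (size_t)-1;
    memcpy(dst, b->data, n);
    return n;
}

/* Run one completion with a constructed device-reported length. */
size_t simulate(int checked, size_t reported)
{
    struct port_buffer b = { .size = BUF_SIZE };
    char dst[64];
    memset(b.data, 'A', sizeof b.data);
    if (checked) accept_checked(&b, reported); else accept_unchecked(&b, reported);
    return read_out(&b, dst, sizeof dst);
}

int main(void)
{
    printf("unchecked, reported 4096: %ld\n", (long)simulate(0, 4096));
    printf("checked,   reported 4096: %ld\n", (long)simulate(1, 4096));
    return 0;
}
```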
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Solidfire by Netapp
⚠️ Risk & Real-World Impact
Worst Case
Data corruption or loss in the console subsystem, potentially affecting system logs, console output, or communication with virtual devices.
Likely Case
Limited impact in most environments since it requires an untrusted virtual device; primarily a robustness issue rather than an exploitable vulnerability.
If Mitigated
Minimal impact if using trusted virtual devices or patched kernel versions.
🎯 Exploit Status
Exploitation requires control of a virtual device in a virtualized environment.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel 5.13.4 and later
Vendor Advisory: https://access.redhat.com/security/cve/cve-2021-38160
Restart Required: Yes
Instructions:
1. Update Linux kernel to version 5.13.4 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable virtio_console
Remove or blacklist the virtio_console driver if not needed
echo 'blacklist virtio_console' >> /etc/modprobe.d/blacklist.conf
rmmod virtio_console
🧯 If You Can't Patch
- Restrict virtual device access to trusted sources only
- Monitor system logs for unusual virtio_console activity
🔍 How to Verify
Check if Vulnerable:
Check kernel version: uname -r. If version is earlier than 5.13.4, system may be vulnerable if using virtio_console.
Check Version:
uname -r
Verify Fix Applied:
After update, verify kernel version is 5.13.4 or later with uname -r
📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing virtio_console errors or buffer overflow messages
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
source="kernel" AND "virtio_console" AND ("overflow" OR "corruption" OR "length")
🔗 References
- https://access.redhat.com/security/cve/cve-2021-38160
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.4
- https://github.com/torvalds/linux/commit/d00d8da5869a2608e97cfede094dfc5e11462a46
- https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
- https://security.netapp.com/advisory/ntap-20210902-0010/
- https://www.debian.org/security/2021/dsa-4978