CVE 2021 37576 - linuxppc/wiki GitHub Wiki
CVE-2021-37576: KVM guest to host memory corruption
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37576
https://lore.kernel.org/linuxppc-dev/[email protected]/
Which kernels are vulnerable
Bare metal kernels with KVM support since v3.10.
Patch status
| Distro | Version | Fix applied? | Link |
|---|---|---|---|
| korg | v5.14 and later | Yes | ⬈ |
| korg | v5.13.7 | Yes | ⬈ |
| korg | v5.10.55 | Yes | ⬈ |
| korg | v5.4.137 | Yes | ⬈ |
| korg | v4.19.200 | Yes | ⬈ |
| korg | v4.14.241 | Yes | ⬈ |
| korg | v4.9.277 | Yes | ⬈ |
| korg | v4.4.277 | Yes | ⬈ |
| ubuntu | 18.04 | Yes | CVE tracker |
| ubuntu | 20.04 | Yes | CVE tracker |
| ubuntu | 21.04 | Yes | CVE tracker |
| debian | stretch | No | CVE tracker |
| debian | buster | Yes | CVE tracker |
| debian | bullseye | Yes | CVE tracker |
| debian | sid | Yes | CVE tracker |
| fedora | 33 | Yes | ⬈ |
| fedora | 34 | Yes | ⬈ |
| rhel | 8 | Live patched | CVE tracker, Bugzilla |
| rhel | 7 | Live patched | CVE tracker, Bugzilla |
| rhel | 7.6-ALT | "will not fix" | CVE tracker |
Verifying the fix
TBC.