This CVE is being DISPUTED (*) by Red Hat with a note that the cited data corruption is not a vulnerability in any existing use case; the length validation was added solely for robustness in the face of anomalous host OS behavior. (*) https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38160 Reference and upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d00d8da5869a2608e97cfede094dfc5e11462a46
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1991723]
This was fixed for Fedora with the 5.13.4 stable kernel updates.