Home CVE Database CVE-2021-28972

CVE-2021-28972

Description

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name \'\\0\' termination, aka CID-cc7a0bb058b8.

Priority: HIGH
CVSS v3: 7.8
Publish Date: Mar 22, 2021
Related ID: --
CVSS v2: HIGH
Modified Date: Mar 26, 2021

Find out more about CVE-2021-28972 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Fixed LIN10-8408
10.17.41.24 --
Wind River Linux 8 Legacy -- -- --
Wind River Linux 9 Legacy -- -- --
Wind River Linux 7 Legacy -- -- --
Wind River Linux LTS 21 Fixed -- 10.21.20.1 --
Wind River Linux LTS 18 Fixed LIN1018-7432
10.18.44.22 --
Wind River Linux LTS 19 Fixed LIN1019-6263
10.19.45.17 --
Wind River Linux CD release Fixed -- 10.21.17.0 --
VxWorks
VxWorks 7 Not Vulnerable -- -- --
VxWorks 6.9 Not Vulnerable -- -- --

Related Products

Product Name Status Defect Fixed Downloads

Comments

linux

Live chat
Online