PT-2021-16602 · Rkp Api · Rkp Api

Ben Hawkes

Published

2021-06-11

Updated

2022-07-30

CVE-2021-25411

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: RKP api versions prior to SMR JUN-2021 Release 1

Description: The issue is related to improper address validation in the RKP api, allowing root privileged local attackers to write to read-only kernel memory. This can be exploited by local attackers with root privileges.

Recommendations: For versions prior to SMR JUN-2021 Release 1, update to SMR JUN-2021 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the RKP api to minimize the risk of exploitation.

Fix

Code Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-20

Related Identifiers

CVE-2021-25411

Affected Products

Rkp Api

PT-2021-16602 · Rkp Api · Rkp Api

CVE-2021-25411

Weakness Enumeration

Related Identifiers

Affected Products

References · 5