PT-2021-2488 · Linux+4 · Linux Kernel+4

John Stultz

·

Published

2021-03-10

·

Updated

2023-05-17

·

CVE-2021-28952

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12-rc4
Description: The issue is related to a buffer overflow in the sound/soc/qcom/sdm845.c soundwire device driver of the Linux kernel. This occurs when an unexpected port ID number is encountered. Exploitation of this issue could allow a remote attacker to gain unauthorized access to protected information.
Recommendations: For Linux kernel versions prior to 5.12-rc4, update to version 5.12-rc4 or later to resolve the issue. As a temporary workaround, consider restricting access to the soundwire device driver to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALT-PU-2021-1566
ALT-PU-2021-1609
ALT-PU-2021-1869
ALT-PU-2021-1888
ALT-PU-2021-1896
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
AZL-6540
BDU:2021-01864
CVE-2021-28952
OPENSUSE-SU-2021:1975-1
OPENSUSE-SU-2021:1977-1
OPENSUSE-SU-2021_1975-1
OPENSUSE-SU-2021_1977-1
SUSE-SU-2021:1975-1
SUSE-SU-2021:1977-1
USN-4948-1
USN-4984-1

Affected Products

Alt Linux
Linuxmint
Linux Kernel
Suse
Ubuntu