CVE-2021-28972

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 5.11.8

Description The issue is related to a user-tolerable buffer overflow in the RPA PCI Hotplug driver when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add slot store and remove slot store mishandle drc name '0' termination. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Linux kernel versions through 5.11.8, update to a version later than 5.11.8 to resolve the issue. As a temporary workaround, consider restricting access to the rpadlpar sysfs driver to minimize the risk of exploitation. Avoid using the drc name variable in the affected driver until the issue is resolved. At the moment, there is no other information about additional mitigation measures.