PT-2021-7381 · Linux+5 · Linux Kernel+5

Iwona Winiarska

·

Published

2021-08-17

·

Updated

2023-08-14

·

CVE-2021-42252

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.6
Description An issue was discovered in the aspeed lpc ctrl mmap function in the Linux kernel, which could allow local attackers to overwrite memory in the kernel and potentially execute privileges. This occurs because a certain comparison uses values that are not memory sizes, leading to a buffer overflow in memory. The exploitation of this issue could allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.
Recommendations For Linux kernel versions prior to 5.14.6, update to version 5.14.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Aspeed LPC control interface to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2021-2902
ALT-PU-2021-2926
ALT-PU-2021-3041
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
AZL-6599
BDU:2022-05842
CVE-2021-42252
DLA-2785-1
OESA-2021-1407
OPENSUSE-SU-2021:1477-1
OPENSUSE-SU-2021:3641-1
OPENSUSE-SU-2021:3675-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021_1460-1
OPENSUSE-SU-2021_1477-1
OPENSUSE-SU-2021_3641-1
OPENSUSE-SU-2021_3655-1
OPENSUSE-SU-2021_3675-1
OPENSUSE-SU-2021_3876-1
SUSE-SU-2021:3640-1
SUSE-SU-2021:3641-1
SUSE-SU-2021:3642-1
SUSE-SU-2021:3658-1
SUSE-SU-2021:3675-1
SUSE-SU-2021:3723-1
SUSE-SU-2021:3748-1
SUSE-SU-2021:3754-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
USN-5136-1
USN-5137-1
USN-5161-1
USN-5162-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu