CVE-2021-28972
CVSS v3.1
6.7 (Medium)
CVSS v2.0
7.2 (High)
EPSS
0.05 % (20th)
Affected Products
5
Advisories
30
In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8.
Weaknesses
- CWE-120
- Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2021-03-22 17:15:15
(3 years ago) - Updated Date
-
2023-11-07 03:32:25
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...