CVE-2021-42252 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Kernel
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents7 sources
Severity
7.8HIGHNVD
OSV3.3
EPSS
0.1%
top 68.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedOct 11
Latest updateMay 24
Description
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-2hvg-x2p3-jfmj: An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl↗2022-05-24
OSV▶
linux, linux-aws, linux-aws-5.11, linux-azure, linux-azure-5.11, linux-gcp, linux-gcp-5.11, linux-hwe-5.11, linux-kvm, linux-oracle, linux-oracle-5.11, linux-raspi vulnerabilities↗2021-11-30
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem-5.13, linux-oracle, linux-raspi vulnerabilities↗2021-11-30
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-dell300x, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-11-09
OSV▶
linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm vulnerabilities↗2021-11-09
📋Vendor Advisories
7Microsoft▶
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwri↗2021-10-12