7.8 CVE-2021-42252
Enriched by CISA Patch
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
https://nvd.nist.gov/vuln/detail/CVE-2021-42252
Categories
CWE-NVD-noinfo
References
af854a3a-2127-422b-91ae-364da2661108 Patch
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6 Release Notes Vendor Advisory |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id... Patch Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20211112-0006/ Third Party Advisory |
cve@mitre.org Patch
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6 Release Notes Vendor Advisory |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id... Patch Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20211112-0006/ Third Party Advisory |
AFFECTED (from MITRE)
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a |
|
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. | ||
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | < 5.14.6 | |
| Configuration 2 | ||
| AND | ||
| cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* | ||
| Configuration 3 | ||
| AND | ||
| cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* | ||
| Configuration 4 | ||
| AND | ||
| cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* | ||
| Configuration 5 | ||
| AND | ||
| cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* | ||
| Configuration 6 | ||
| AND | ||
| cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* | ||
| Configuration 7 | ||
| AND | ||
| cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* | ||
| Configuration 8 | ||
| AND | ||
| cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* | ||
| Configuration 9 | ||
| AND | ||
| cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* | ||
| Configuration 10 | ||
| AND | ||
| cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* | ||
| Running on/with | ||
| cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* | ||
REMEDIATION
Patch
| Url |
|---|
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id... |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id... |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
