Lucene search

K
cve[email protected]CVE-2021-42252
HistoryOct 11, 2021 - 7:15 p.m.

CVE-2021-42252

2021-10-1119:15:07
web.nvd.nist.gov
179
14
cve-2021-42252
linux kernel
security vulnerability
aspeed_lpc_ctrl_mmap
local attackers
kernel memory overwrite
privilege execution

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%

An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.

Affected configurations

NVD
Node
linuxlinux_kernelRange<5.14.6
Node
netapph300sMatch-
AND
netapph300s_firmwareMatch-
Node
netapph500sMatch-
AND
netapph500s_firmwareMatch-
Node
netapph700sMatch-
AND
netapph700s_firmwareMatch-
Node
netapph300eMatch-
AND
netapph300e_firmwareMatch-
Node
netapph500eMatch-
AND
netapph500e_firmwareMatch-
Node
netapph700eMatch-
AND
netapph700e_firmwareMatch-
Node
netapph410sMatch-
AND
netapph410s_firmwareMatch-
Node
netapph410cMatch-
AND
netapph410c_firmwareMatch-
Node
netappsolidfire_baseboard_management_controller_firmwareMatch-
AND
netappsolidfire_baseboard_management_controllerMatch-

Social References

More

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0

Percentile

5.1%