Veracode Vulnerability DatabaseVERACODE:30842Buffer Overflow
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
linux has a buffer overflow. THe vulnerability exists due to the sound/soc/qcom/sdm845.c soundwire device driver unable to handle an unexpected port ID number.
References
git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-28952
lists.fedoraproject.org/archives/list/[email protected]/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/
lists.fedoraproject.org/archives/list/[email protected]/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/
lists.fedoraproject.org/archives/list/[email protected]/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/
lore.kernel.org/alsa-devel/[email protected]/
security.netapp.com/advisory/ntap-20210430-0003/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P