AZL-6543

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6543.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-6543

Upstream

CVE-2021-28972

Published

2021-03-22T17:15:15Z

Modified

2026-04-01T05:20:33.695717Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2021-28972 affecting package kernel for versions less than 5.10.78.1-1

Details

In drivers/pci/hotplug/rpadlparsysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because addslotstore and removeslotstore mishandle drcname '\0' termination, aka CID-cc7a0bb058b8.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-28972

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.78.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-6543.json"