An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
07 Nov 2023, 03:32
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 May 2022, 20:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Netapp cloud Backup
Netapp fas 500f Firmware Netapp a250 Netapp aff 500f Netapp fas 500f Netapp solidfire Baseboard Management Controller Firmware Netapp Netapp a250 Firmware Netapp solidfire Baseboard Management Controller Netapp aff 500f Firmware |
|
References | (MISC) https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla@linaro.org/ - Mailing List, Patch, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210430-0003/ - Third Party Advisory |
30 Apr 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 18:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31 - Patch, Vendor Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/ - Mailing List, Third Party Advisory |
29 Mar 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Mar 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
26 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Mar 2021, 14:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References |
|
|
CWE | CWE-120 | |
References |
|
|
CVSS |
v2 : v3 : |
v2 : 4.6
v3 : 7.8 |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References |
|
|
References |
|
|
References |
|
|
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1c668e1c0a0f74472469cd514f40c9012b324c31 - Patch | |
References | (MISC) https://lore.kernel.org/alsa-devel/20210309142129.14182-2-srinivas.kandagatla@linaro.org/ - Patch, Vendor Advisory | |
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
|
References |
|
20 Mar 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-03-20 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-28952
Mitre link : CVE-2021-28952
CVE.ORG link : CVE-2021-28952
JSON object : View
Products Affected
netapp
- a250
- fas_500f_firmware
- aff_500f_firmware
- fas_500f
- a250_firmware
- solidfire_baseboard_management_controller_firmware
- solidfire_baseboard_management_controller
- aff_500f
- cloud_backup
linux
- linux_kernel
fedoraproject
- fedora
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')