Buffer overflow

2021-03-2217:15:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name ‘\0’ termination, aka CID-cc7a0bb058b8.

CPENameOperatorVersion
fedoraeq32
fedoraeq33
fedoraeq34
linux_kernelge5.11
linux_kernellt5.11.9
linux_kernelgt4.15
linux_kernelle4.19.183
linux_kernelgt4.5
linux_kernelle4.9.263
linux_kernelge5.5.0

Name	Operator	Version
fedora	eq	32
fedora	eq	33
fedora	eq	34
linux_kernel	ge	5.11
linux_kernel	lt	5.11.9
linux_kernel	gt	4.15
linux_kernel	le	4.19.183
linux_kernel	gt	4.5
linux_kernel	le	4.9.263
linux_kernel	ge	5.5.0