CVE-2021-28375
Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 15 Mar 2021, 04:51
Last modified:03 Aug 2024, 21:40
Vulnerability Summary
Overall Risk (default)
medium
31/100 CVSS Score
7.8 HIGH
v3.1 (nvd)
EPSS Score
0.06% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
15 Mar 2021, 04:51
Published
Vulnerability first disclosed
03 Aug 2024, 21:40
Last Modified
Vulnerability information updated
Description
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
CVSS Metrics
- v3.1•HIGH•Score: 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 0.06%• Percentile: 19%
Techniques & Countermeasures
- CWE-862•Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Affected Systems
- fedoraproject•fedora
32 | 33 | 34
- linux•linux_kernel
≥ 5.1, < 5.4.106 | ≥ 5.5, < 5.10.24 | ≥ 5.11, < 5.11.7
- netapp•cloud_backup
na
- netapp•solidfire_baseboard_management_controller_firmware
na
References (6)
- https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6
- https://lore.kernel.org/stable/YD03ew7+6v0XPh6l%40kroah.com/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMRQVOTASD3VZP6GE4JJHE27QU6FHTZ6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XAUNYDTGE6MB4NWL2SIHPCODCLET3JZB/
- https://security.netapp.com/advisory/ntap-20210401-0003/