Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.7
CVSSv3

CVE-2021-42327

Published: 21/10/2021 Updated: 25/03/2024
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Linux Kernel

Vulnerability Summary

dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel up to and including 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 35

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

netapp h410c_firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5265-1: Linux kernel vulnerabilities
Several security issues were fixed in the Linux kernel ...
Ubuntu Security Notice: USN-5362-1: Linux kernel (Intel IOTG) vulnerabilities
Several security issues were fixed in the Linux kernel ...
Red Hat: CVE-2021-42327
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfsc in the Linux kernel through 51414 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user t ...
Arch Linux Issues:
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfsc in the Linux kernel through 51414 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user t ...

Github Repositories

https://github.com/docfate111/CVE-2021-42327

kernel exploit POC for vulnerability i found in amd gpu driver

CVE-2021-42327 SLUB overflow exploit full writeup

References

CWE-787https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.chttps://security.netapp.com/advisory/ntap-20211118-0005/https://www.mail-archive.com/amd-gfx%40lists.freedesktop.org/msg69080.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDDEW4APTYKJK365HC2JZIVXYUV7ZRN7/https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f23750b5b3d98653b31d4469592935ef6364ad67https://nvd.nist.govhttps://github.com/docfate111/CVE-2021-42327https://ubuntu.com/security/notices/USN-5265-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook