{"id":"CVE-2021-28972","details":"In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8.","modified":"2026-04-16T04:36:57.100050380Z","published":"2021-03-22T17:15:15.200Z","related":["SUSE-SU-2021:1175-1","SUSE-SU-2021:1176-1","SUSE-SU-2021:1177-1","SUSE-SU-2021:1210-1","SUSE-SU-2021:1211-1","SUSE-SU-2021:1238-1","SUSE-SU-2021:14724-1","SUSE-SU-2021:1573-1","SUSE-SU-2021:1596-1","SUSE-SU-2021:1617-1","SUSE-SU-2021:1623-1","SUSE-SU-2021:1624-1","SUSE-SU-2021:1625-1","SUSE-SU-2021:1975-1","SUSE-SU-2021:1977-1","openSUSE-SU-2021:0532-1","openSUSE-SU-2021:0758-1","openSUSE-SU-2021:1975-1","openSUSE-SU-2021:1977-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210430-0003/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc7a0bb058b85ea03db87169c60c7cfdd5d34678"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.4.263"}]},{"events":[{"introduced":"0"},{"last_affected":"4.9.263"}]},{"events":[{"introduced":"4.10"},{"fixed":"4.14.227"}]},{"events":[{"introduced":"0"},{"last_affected":"4.19.183"}]},{"events":[{"introduced":"4.20"},{"fixed":"5.4.108"}]},{"events":[{"introduced":"5.5.0"},{"fixed":"5.10.26"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.11.9"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28972.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}