{"id":"CVE-2021-42252","details":"An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.","modified":"2026-03-10T23:48:50.231967Z","published":"2021-10-11T19:15:07.713Z","related":["SUSE-SU-2021:3640-1","SUSE-SU-2021:3641-1","SUSE-SU-2021:3642-1","SUSE-SU-2021:3658-1","SUSE-SU-2021:3675-1","SUSE-SU-2021:3723-1","SUSE-SU-2021:3748-1","SUSE-SU-2021:3754-1","SUSE-SU-2021:3876-1","SUSE-SU-2021:3969-1","SUSE-SU-2021:3972-1","openSUSE-SU-2021:1477-1","openSUSE-SU-2021:3641-1","openSUSE-SU-2021:3675-1","openSUSE-SU-2021:3876-1"],"references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20211112-0006/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b49a0e69a7b1a68c8d3f64097d06dabb770fec96"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.14.6"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42252.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}