1. Home
  2. CVE Database
  3. CVE-2021-28952
HIGH · 7.8

CVE-2021-28952

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c...

Vulnerability Description

An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.)

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LinuxLinux Kernel<= 5.11.8
FedoraprojectFedora32
NetappCloud Backup-
NetappA250 Firmware-
NetappA250-
NetappAff 500F Firmware-
NetappAff 500F-
NetappFas 500F Firmware-
NetappFas 500F-
NetappSolidfire Baseboard Management Controller Firmware-
NetappSolidfire Baseboard Management Controller-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2021-28952?

CVE-2021-28952 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c...

How severe is CVE-2021-28952?

CVE-2021-28952 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28952?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Netapp Cloud Backup, Netapp A250 Firmware, Netapp A250.