CVE-2021-28375
HIGHLinux Kernel 5.1-5.11.6 - Missing Authorization in fastrpc_internal_invoke
Title source: llmDescription
An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308.
References (6)
Core 6
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/linus/20c40794eb85ea29852d7bc37c55713802a543d6
Mailing List x_refsource_misc
https://lore.kernel.org/stable/YD03ew7+6v0XPh6l%40kroah.com/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OMRQVOTASD3VZP6GE4JJHE27QU6FHTZ6/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TJPVQZPY3DHPV5I3IVNMSMO6D3PKZISX/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XAUNYDTGE6MB4NWL2SIHPCODCLET3JZB/
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210401-0003/
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
18.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (6)
fedoraproject/fedora
32
fedoraproject/fedora
33
fedoraproject/fedora
34
linux/linux_kernel
5.1 - 5.4.106
netapp/cloud_backup
netapp/solidfire_baseboard_management_controller_firmware
Published
Mar 15, 2021
Tracked Since
Feb 18, 2026