CVE-2021-42008

HIGH

Linux Kernel < 4.4.282 - Out-of-Bounds Write

Title source: rule

Description

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

Exploits (2)

nomisec WORKING POC 31 stars

by 0xdevil · poc

https://github.com/0xdevil/CVE-2021-42008

View Code ZIP pw:eip

nomisec WORKING POC 2 stars

by numanturle · poc

https://github.com/numanturle/CVE-2021-42008

View Code ZIP pw:eip

References (5)

Core 5

Core References

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19d1532a187669ce86d5a2696eb7275310070793

Release Notes, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13

Exploit, Third Party Advisory x_refsource_misc

https://www.youtube.com/watch?v=d5f9xLK8Vhw

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20211104-0002/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html

Scores

CVSS v3 7.8

EPSS 0.0093

EPSS Percentile 76.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (11)

debian/debian_linux 9.0

linux/linux_kernel 2.6.12 - 4.4.282

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

netapp/h500s_firmware

netapp/h700e_firmware

netapp/h700s_firmware

... and 1 more

Published Oct 05, 2021

Tracked Since Feb 18, 2026