CVE-2021-42252

7.8 HIGH

📋 TL;DR

A memory corruption vulnerability in the Aspeed LPC control driver in the Linux kernel allows local attackers to overwrite kernel memory and potentially escalate privileges. The issue is caused by incorrect size comparisons in the aspeed_lpc_ctrl_mmap function. It affects systems with Aspeed hardware running vulnerable Linux kernel versions.

💻 Affected Systems

Products:
  • Linux kernel
Versions: All versions before 5.14.6
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Aspeed hardware with LPC control interface enabled. Common in server management hardware like BMCs.

⚠️ Risk & Real-World Impact

  • 🔴 Worst Case: Local privilege escalation to root, enabling complete system compromise, data theft, and persistence establishment.
  • 🟠 Likely Case: Local privilege escalation allowing attackers to bypass security controls and execute arbitrary code with kernel privileges.
  • 🟢 If Mitigated: Limited impact if proper access controls restrict local user access and SELinux/AppArmor policies are enforced.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring access to the system's LPC control interface.
🏢 Internal Only: HIGH - Malicious insiders or compromised local accounts can exploit this to gain root privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and knowledge of the Aspeed LPC interface. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.14.6 and later

Vendor Advisory: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.6

Restart Required: Yes

Instructions:

1. Update kernel to version 5.14.6 or later.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable Aspeed LPC control module (Linux)

Prevent the vulnerable kernel module from loading:

# Stop the module from being auto-loaded on future boots
echo 'blacklist aspeed-lpc-ctrl' >> /etc/modprobe.d/blacklist.conf
# Unload the module from the running kernel
rmmod aspeed_lpc_ctrl

Restrict device access (Linux)

Change permissions on the LPC control device to prevent user access:

# Allow only root to open the device node
chmod 600 /dev/aspeed-lpc-ctrl
chown root:root /dev/aspeed-lpc-ctrl

🧯 If You Can't Patch

  • Implement strict access controls to limit local user privileges
  • Use SELinux/AppArmor to restrict kernel module interactions

🔍 How to Verify

Check if Vulnerable:

Run uname -r to check the kernel version. If the version is earlier than 5.14.6 and Aspeed hardware is present, the system is vulnerable.

Check Version:

uname -r

Verify Fix Applied:

Verify with uname -r that the kernel version is 5.14.6 or later, and check that the Aspeed LPC module is either updated or disabled.
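
The version and hardware checks above can be scripted for triage across many hosts. This is an added example, not part of the original advisory. The function names and exit codes are assumptions made here, and the presence of /dev/aspeed-lpc-ctrl is used as a stand-in for "Aspeed LPC interface enabled".

```shell
#!/bin/sh
# Added example: triage a host for CVE-2021-42252 using the page's criteria.
FIXED_VERSION="5.14.6"              # first fixed kernel, from the page
LPC_DEVICE="/dev/aspeed-lpc-ctrl"   # device node named in the workaround

# version_key RELEASE: print major.minor.patch as one comparable integer.
# Suffixes such as "-generic" or "-rc3" are ignored; missing parts count as 0.
# The body runs in a subshell so the IFS change does not leak to the caller.
version_key() (
    v=${1%%[!0-9.]*}
    IFS=.
    set -- $v 0 0 0
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
)

# version_lt A B: succeed when kernel release A is older than B.
version_lt() {
    [ "$(version_key "$1")" -lt "$(version_key "$2")" ]
}

# triage RELEASE DEVICE_PRESENT(yes|no)
# Returns 0 = kernel at or above the fixed version,
#         1 = older kernel and LPC device exposed (patch or apply workaround),
#         2 = older kernel but no LPC device node found (assumed not exposed).
# Note: distribution kernels may carry a backported fix under an older
# version string, so treat 1 as a prompt to check the vendor changelog.
triage() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "OK: kernel $1 is at or above $FIXED_VERSION"
        return 0
    fi
    if [ "$2" = yes ]; then
        echo "AT RISK: kernel $1 predates $FIXED_VERSION and $LPC_DEVICE exists"
        return 1
    fi
    echo "CHECK: kernel $1 predates $FIXED_VERSION, $LPC_DEVICE not found"
    return 2
}

# Assess the local host.
if [ -e "$LPC_DEVICE" ]; then present=yes; else present=no; fi
triage "$(uname -r)" "$present" || true
```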

📡 Detection & Monitoring

Log Indicators:

  • Kernel logs showing memory corruption errors
  • Failed privilege escalation attempts in audit logs
  • Unexpected kernel module loading

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

source="kernel" AND ("aspeed" OR "lpc" OR "memory corruption")
