CVE-2021-21781

CVSS v3.1 3.3 (Low)

CVSS v2.0 2.1 (Low)

EPSS 0.04 % (17^th)

Affected Products 4

Advisories 13

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Weaknesses

CWE-908: Use of Uninitialized Resource

CVE Status: PUBLISHED
CNA: Talos
Published Date: 2021-08-18 15:15:07
(3 years ago)
Updated Date: 2023-02-03 14:31:55
(19 months ago)

Affected Products

Linux

Linux Kernel

Oracle

Configuration #1

		CPE23	From	Up To
	Linux Kernel 5.4.54	cpe:2.3:o:linux:linux_kernel:5.4.54
	Linux Kernel 5.4.66	cpe:2.3:o:linux:linux_kernel:5.4.66

Configuration #2

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0