CVE-2021-21781
First published: Fri Jun 25 2021(Updated: )
An information disclosure flaw exists in the ARM SIGPAGE functionality of the Linux kernel. An attacker with a local account can read the contents of the sigpage, which contains previously initialized kernel memory contents. This flaw requires an attacker to read a process’s memory at a specific offset to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Linux kernel | =5.4.54 | |
| Linux Linux kernel | =5.4.66 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
| Oracle Communications Cloud Native Core Policy | =22.2.0 | |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
Remedy
Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1981951
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2021-21781
- https://bugzilla.redhat.com/show_bug.cgi?id=1981950
- https://www.cve.org/CVERecord?id=CVE-2021-21781 https://nvd.nist.gov/vuln/detail/CVE-2021-21781 https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243
Frequently Asked Questions
What is CVE-2021-21781?
CVE-2021-21781 is an information disclosure vulnerability in the ARM SIGPAGE functionality of the Linux kernel.
What is the severity of CVE-2021-21781?
CVE-2021-21781 has a severity level of medium (4 out of 10).
Which versions of the Linux kernel are affected by CVE-2021-21781?
CVE-2021-21781 affects Linux Kernel versions 5.4.66 and 5.4.54.
How can an attacker exploit CVE-2021-21781?
An attacker can exploit CVE-2021-21781 by using a userland application to read the contents of the sigpage, which can leak kernel memory contents.
Are there any fixes or patches available for CVE-2021-21781?
Yes, there are fixes available for CVE-2021-21781. Please refer to the references for more information.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-21781
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/weakness
- agent/references
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- agent/trending
- package-manager/redhat
- vendor/linux
- canonical/linux linux kernel
- version/linux linux kernel/5.4.54
- version/linux linux kernel/5.4.66
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0