CVE-2021-21781 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-21781 PUBLISHED

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

EPSS 0.02% · 3.0th percentile

Risk Scores

EPSS Score

0.02%

3.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	linux-aws	4.15.0-1080.84, 4.15.0-1001.1, 4.15.0-1003.3
Ubuntu:Pro:16.04:LTS	linux-kvm	4.4.0-1110.120, 4.4.0-1111.121, 4.4.0-1112.122
Ubuntu:20.04:LTS	linux-kvm	5.4.0-1008.8, 5.4.0-1007.7, 5.4.0-1018.18
Ubuntu:20.04:LTS	linux-riscv-5.8	5.8.0-14.16~20.04.1, ,
Ubuntu:Pro:FIPS-updates:18.04:LTS	linux-aws-fips	4.15.0-2025.25, 4.15.0-2018.18, 4.15.0-2042.44
Ubuntu:18.04:LTS	linux-oracle-5.0	, , 5.0.0-1013.18
Ubuntu:18.04:LTS	linux-hwe-edge	5.0.0-16.17~18.04.1, 0, 5.0.0-20.21~18.04.1
Ubuntu:18.04:LTS	linux-gkeop-5.4	0, 5.4.0-1004.5, 5.4.0-1001.1
Ubuntu:20.04:LTS	linux-aws	5.4.0-1035.37, 0, 5.3.0-1003.3
Ubuntu:Pro:16.04:LTS	linux-hwe	4.13.0-31.34~16.04.1, ,
Ubuntu:18.04:LTS	linux-aws-5.0	*, 5.0.0-1027.30, 5.0.0-1025.28
Ubuntu:18.04:LTS	linux	4.15.0-45.48, 4.15.0-132.136, 0
Ubuntu:18.04:LTS	linux-gcp-4.15	0, 4.15.0-1091.104, 4.15.0-1090.103
Ubuntu:20.04:LTS	linux-gkeop	5.4.0-1010.11, 5.4.0-1008.9, 5.4.0-1012.13
Ubuntu:Pro:14.04:LTS	linux-azure	4.15.0-1074.79~14.04.1, 4.15.0-1077.82~14.04.1, 4.15.0-1082.92~14.04.1
Ubuntu:18.04:LTS	linux-oracle-5.3	5.3.0-1018.20~18.04.1, 5.3.0-1013.14~18.04.1, 0
Ubuntu:18.04:LTS	linux-oem	4.15.0-1013.16, 4.15.0-1004.5, 4.15.0-1006.9
Ubuntu:Pro:FIPS:18.04:LTS	linux-fips	4.15.0-1011.12, 0
Ubuntu:18.04:LTS	linux-oracle-5.4	5.4.0-1029.31~18.04.1, 5.4.0-1030.32~18.04.1, 5.4.0-1033.35
Ubuntu:18.04:LTS	linux-raspi2	4.15.0-1017.18, 4.15.0-1011.12, 4.15.0-1010.11

…and 56 more

Timeline

Aug 10, 2021 CVE Published
Aug 19, 2021 EPSS Score
Oct 16, 2021 EPSS Score
Dec 13, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 8, 2022 EPSS Score
Apr 7, 2022 EPSS Score
Jun 4, 2022 EPSS Score
Aug 2, 2022 EPSS Score
Sep 29, 2022 EPSS Score
Nov 26, 2022 EPSS Score
Jan 22, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-21781 third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243 third-party-advisory
https://git.kernel.org/linus/9c698bff66ab4914bb3d71da7dc6112519bde23e third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-21781 third-party-advisory

Open in Interactive Console →