VDB
CVE-2021-32078
CVE-2021-32078
PUBLISHED
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.
EPSS 0.09% · 25.0th percentile
Risk Scores
EPSS Score
0.09%
25.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:20.04:LTS | linux-raspi | 5.4.0-1033.36, 5.4.0-1096.107, 5.4.0-1094.105 |
| Ubuntu:20.04:LTS | linux-aws-5.11 | 5.11.0-1022.23~20.04.1, 5.11.0-1021.22~20.04.2, 5.11.0-1017.18~20.04.1 |
| Ubuntu:20.04:LTS | linux-riscv-5.11 | 5.11.0-1022.23~20.04.1, 5.11.0-1023.24~20.04.1, 5.11.0-1031.35 |
| Ubuntu:Pro:16.04:LTS | linux-aws-hwe | 4.15.0-1178.191~16.04.1, 4.15.0-1041.43~16.04.1, 4.15.0-1040.42~16.04.1 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1034.36, 0, 4.15.0-1005.5 |
| Ubuntu:Pro:FIPS-updates:20.04:LTS | linux-gcp-fips | *, 5.4.0-1110.119+fips1, 5.4.0-1136.145+fips1 |
| Ubuntu:Pro:20.04:LTS | linux-xilinx-zynqmp | 5.4.0-1061.65, 5.4.0-1060.64, 5.4.0-1056.60 |
| Ubuntu:Pro:20.04:LTS | linux-azure | 5.4.0-1152.159, 5.4.0-1145.152, 5.4.0-1107.113 |
| Ubuntu:Pro:FIPS:20.04:LTS | linux-fips | 0, 5.4.0-1007.8 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1067.70~18.04.1, 5.4.0-1068.71~18.04.1, 5.4.0-1076.82~18.04.1 |
| Ubuntu:Pro:14.04:LTS | linux-aws | 4.4.0-1095.100, 4.4.0-1116.122, 4.4.0-1098.103 |
| Ubuntu:Pro:20.04:LTS | linux-azure-fde-5.15 | 5.15.0-1034.41~20.04.1.2, 5.15.0-1037.44~20.04.1.1, 5.15.0-1039.46~20.04.1.1 |
| Ubuntu:Pro:FIPS:18.04:LTS | linux-aws-fips | 0, 4.15.0-2000.4 |
| Ubuntu:20.04:LTS | linux-azure-fde | 5.4.0-1098.104+cvm1.1, 5.4.0-1085.90+cvm2.1, 0 |
| Ubuntu:Pro:18.04:LTS | linux-azure-5.4 | 5.4.0-1073.76~18.04.1, *, * |
| Ubuntu:Pro:18.04:LTS | linux-oracle | 4.15.0-1068.76, 4.15.0-1091.100, 4.15.0-1090.99 |
| Ubuntu:20.04:LTS | linux-hwe-5.8 | *, *, 0 |
| Ubuntu:20.04:LTS | linux-riscv-5.8 | 5.8.0-14.16~20.04.1, 5.8.0-17.19~20.04.1, 5.8.0-20.22~20.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.6 | 5.6.0-1035.37, 5.6.0-1023.23, 5.6.0-1021.21 |
| Ubuntu:Pro:FIPS-updates:18.04:LTS | linux-aws-fips | 4.15.0-2083.89, 4.15.0-2089.95, 4.15.0-2090.96 |
…and 73 more
Exploit Intelligence
- https://kirtikumarar.com/CVE-2021-32078.txt (nist-nvd)
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f (circl)
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f (circl)
- https://security.netapp.com/advisory/ntap-20210813-0002/ (circl)
Timeline
- Jun 17, 2021 CVE Published
- Jun 19, 2021 EPSS Score
- Aug 19, 2021 EPSS Score
- Oct 18, 2021 EPSS Score
- Dec 18, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 16, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 18, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Aug 18, 2022 EPSS Score
- Oct 17, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32078 third-party-advisory
- https://kirtikumarar.com/CVE-2021-32078.txt third-party-advisory
- https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f third-party-advisory
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f third-party-advisory
- https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32078 third-party-advisory