Linux Kernel up to 5.11-rc4 ARM SIGPAGE information disclosure

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Linux Kernel up to 4.14.221/4.19.176/5.4.98/5.10.16/5.11-rc4. Affected is an unknown function of the component ARM SIGPAGE Handler. The manipulation leads to information disclosure. This vulnerability is listed as CVE-2021-21781. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.
Details
A vulnerability was found in Linux Kernel up to 4.14.221/4.19.176/5.4.98/5.10.16/5.11-rc4 (Operating System) and classified as problematic. This issue affects some unknown processing of the component ARM SIGPAGE Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality.
The weakness was presented 08/18/2021 as TALOS-2021-1243. It is possible to read the advisory at talosintelligence.com. The identification of this vulnerability is CVE-2021-21781. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.
Upgrading to version 4.14.222, 4.19.177, 5.4.99, 5.10.17 or 5.11 eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
- 4.14.221
- 4.19.176
- 5.4.0
- 5.4.1
- 5.4.2
- 5.4.3
- 5.4.4
- 5.4.5
- 5.4.6
- 5.4.7
- 5.4.8
- 5.4.9
- 5.4.10
- 5.4.11
- 5.4.12
- 5.4.13
- 5.4.14
- 5.4.15
- 5.4.16
- 5.4.17
- 5.4.18
- 5.4.19
- 5.4.20
- 5.4.21
- 5.4.22
- 5.4.23
- 5.4.24
- 5.4.25
- 5.4.26
- 5.4.27
- 5.4.28
- 5.4.29
- 5.4.30
- 5.4.31
- 5.4.32
- 5.4.33
- 5.4.34
- 5.4.35
- 5.4.36
- 5.4.37
- 5.4.38
- 5.4.39
- 5.4.40
- 5.4.41
- 5.4.42
- 5.4.43
- 5.4.44
- 5.4.45
- 5.4.46
- 5.4.47
- 5.4.48
- 5.4.49
- 5.4.50
- 5.4.51
- 5.4.52
- 5.4.53
- 5.4.54
- 5.4.55
- 5.4.56
- 5.4.57
- 5.4.58
- 5.4.59
- 5.4.60
- 5.4.61
- 5.4.62
- 5.4.63
- 5.4.64
- 5.4.65
- 5.4.66
- 5.4.67
- 5.4.68
- 5.4.69
- 5.4.70
- 5.4.71
- 5.4.72
- 5.4.73
- 5.4.74
- 5.4.75
- 5.4.76
- 5.4.77
- 5.4.78
- 5.4.79
- 5.4.80
- 5.4.81
- 5.4.82
- 5.4.83
- 5.4.84
- 5.4.85
- 5.4.86
- 5.4.87
- 5.4.88
- 5.4.89
- 5.4.90
- 5.4.91
- 5.4.92
- 5.4.93
- 5.4.94
- 5.4.95
- 5.4.96
- 5.4.97
- 5.4.98
- 5.10.0
- 5.10.1
- 5.10.2
- 5.10.3
- 5.10.4
- 5.10.5
- 5.10.6
- 5.10.7
- 5.10.8
- 5.10.9
- 5.10.10
- 5.10.11
- 5.10.12
- 5.10.13
- 5.10.14
- 5.10.15
- 5.10.16
- 5.11-rc1
- 5.11-rc2
- 5.11-rc3
- 5.11-rc4
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 4.14.222/4.19.177/5.4.99/5.10.17/5.11
Timeline
01/04/2021 🔍08/18/2021 🔍
08/18/2021 🔍
08/21/2021 🔍
Sources
Vendor: kernel.orgAdvisory: TALOS-2021-1243
Status: Confirmed
CVE: CVE-2021-21781 (🔍)
GCVE (CVE): GCVE-0-2021-21781
GCVE (VulDB): GCVE-100-181103
Entry
Created: 08/18/2021 21:21Updated: 08/21/2021 09:15
Changes: 08/18/2021 21:21 (41), 08/21/2021 09:15 (2)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.