Description

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

Related CPE's

o

linux

linux_kernel

2

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

References

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1243

ExploitThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-908

[email protected]

Secondary
CWE-908

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

3.3 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-08-18T15:15:07.733

3 years ago

Last modified

2023-02-03T14:31:55.930

2 years ago