Oracle Linux: CVE-2021-21781: ELSA-2022-1988: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Jun 25, 2021 | May 18, 2022 | Nov 29, 2024 |
Description
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases 4.14.222, 4.19.177, 5.4.99, 5.10.17, and 5.11.
An information disclosure flaw exists in the ARM SIGPAGE functionality of the Linux kernel. An attacker with a local account can read the contents of the sigpage, which contains previously initialized kernel memory contents. This flaw requires an attacker to read a process’s memory at a specific offset to trigger this vulnerability.
Solution
oracle-linux-upgrade-kernel
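
To confirm whether a running ARM kernel already carries the fix, the following added example (not part of the advisory or of any Oracle tooling) classifies a `uname -r` string against the fixed upstream releases listed in the description. The function name and status labels are assumptions made for this example; it recognises only `.elN`-style vendor builds, which backport fixes and must be checked against ELSA-2022-1988 instead.

```python
import re

# Upstream stable releases carrying the fix, taken from the description above.
FIXED_STABLE = {(4, 14): 222, (4, 19): 177, (5, 4): 99, (5, 10): 17}
FIXED_MAINLINE = (5, 11)  # 5.11 and every later series include the fix


def sigpage_fix_status(release: str) -> str:
    """Classify a `uname -r` string against the fixed releases listed above.

    Returns "fixed", "unfixed" (listed series, older than its fixed release),
    "vendor" (distro build with backports, consult the vendor advisory) or
    "unlisted" (the description names no fixed release for this series).
    """
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    suffix = m[4]

    # Oracle/RHEL-style builds (".el8", ".el8uek") backport fixes without
    # changing the upstream base version, so the upstream numbers do not apply.
    if re.search(r"\.el\d+", suffix):
        return "vendor"

    series = (major, minor)
    if series > FIXED_MAINLINE:
        return "fixed"
    if series == FIXED_MAINLINE:
        # The description reports 5.11-rc4 as apparently still vulnerable and
        # does not say which release candidate picked up the fix.
        return "unlisted" if "-rc" in suffix else "fixed"
    if series in FIXED_STABLE:
        return "fixed" if patch >= FIXED_STABLE[series] else "unfixed"
    return "unlisted"


if __name__ == "__main__":
    # Constructed sample release strings, not taken from a real host.
    for rel in ("5.4.66", "5.10.17", "5.11.0-rc4", "4.18.0-372.9.1.el8.x86_64"):
        print(f"{rel:30} {sigpage_fix_status(rel)}")
```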