CVE-2021-32078Out-of-bounds Read in Linux

CWE-125Out-of-bounds ReadCWE-20Improper Input Validation6 documents6 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 55.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linux KernelDebian LinuxMsrc Cbl2 Kernel 5.15.2.1-1 ON CBL Mariner 2.0+1 more
Timeline
PublishedJun 17
Latest updateMay 24

Description

An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages5 packages

Debianlinux/linux_kernel< 5.14.6-1+2
NVDlinux/linux_kernel5.12.11
debiandebian/linux< linux 5.14.6-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: github.comPatch: git.kernel.org

🔴Vulnerability Details

2
GHSA
GHSA-x29p-m96j-g32x: An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci2022-05-24
OSV
CVE-2021-32078: An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci2021-06-17

📋Vendor Advisories

3
Microsoft
An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative e.g. access to2021-06-08
Red Hat
kernel: out-of-bounds read in arch/arm/mach-footbridge/personal-pci.c due to improper input validation2021-04-14
Debian
CVE-2021-32078: linux - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c ...2021