- Description
- An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
- Source
- talos-cna@cisco.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 3.3
- Impact score
- 1.4
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
CVSS 3.0
- Type
- Secondary
- Base score
- 4
- Impact score
- 1.4
- Exploitability score
- 2.5
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.54:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "633D05FD-ACF8-49D1-BEEB-E93D7C0EB258"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.66:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08CD832A-636A-4BF7-B1D2-2D244AEACDD1"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56"
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9955F62A-75D3-4347-9AD3-5947FC365838"
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A6D77C7-A2F4-4700-AB5A-3EC853496ECA"
}
],
"operator": "OR"
}
]
}
]