How severe is CVE-2021-21781?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4 out of 10.

What type of vulnerability is CVE-2021-21781?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2021-21781

MEDIUM Year: 2021

CVSS v3 Score

4.0

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-908

View all →

Vulnerability Description

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11

CVE-2018-3970

MEDIUM

CVSS:4.0(Medium)

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return un...

CWE-9082018

CVE-2021-47096

MEDIUM

CVSS:4.0(Medium)

In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the open...

CWE-9082021

CVE-2021-34999

LOW

CVSS:3.8(Low)

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Ope...

CWE-9082021

CVE-2017-5102

MEDIUM

CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process mem...

CWE-9082017

CVE-2017-5103

MEDIUM

CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a...

CWE-9082017

CVE-2018-1037

MEDIUM

CVSS:4.3(Medium)

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Stud...

CWE-9082018

CVE-2021-21781

Vulnerability Description

Related Vulnerabilities

CVE-2018-3970

CVE-2021-47096

CVE-2021-34999

CVE-2017-5102

CVE-2017-5103

CVE-2018-1037