Vulnerability Description
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxptp Project | Linuxptp | < 2.0.1 |
| Redhat | Enterprise Linux | 8.0 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1966241Issue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://bugzilla.redhat.com/show_bug.cgi?id=1966241Issue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-3571?
CVE-2021-3571 is a vulnerability with a CVSS score of 7.1 (HIGH). A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync ...
How severe is CVE-2021-3571?
CVE-2021-3571 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3571?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxptp Project Linuxptp, Redhat Enterprise Linux, Fedoraproject Fedora.