CVE-2021-4048 — CRITICAL (9.1)

Q: How severe is CVE-2021-4048?

CVE-2021-4048 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-4048?

Check the references section above for vendor advisories and patch information. Affected products include: Lapack Project Lapack, Openblas Project Openblas, Julialang Julia, Redhat Ceph Storage, Redhat Openshift Container Storage.

Vulnerability Description

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Lapack Project	Lapack	<= 3.10.0
Openblas Project	Openblas	< 0.3.18
Julialang	Julia	<= 1.6.3
Redhat	Ceph Storage	2.0
Redhat	Openshift Container Storage	4.0
Redhat	Openshift Data Foundation	4.0
Redhat	Enterprise Linux	8.0
Fedoraproject	Fedora	34

Related Weaknesses (CWE)

CWE-125

References

https://github.com/JuliaLang/julia/issues/42415Issue TrackingPatchThird Party Advisory
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6PatchThird Party Advisory
https://github.com/Reference-LAPACK/lapack/pull/625Issue TrackingPatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea05PatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6dPatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3PatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbPatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://github.com/JuliaLang/julia/issues/42415Issue TrackingPatchThird Party Advisory
https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6PatchThird Party Advisory
https://github.com/Reference-LAPACK/lapack/pull/625Issue TrackingPatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea05PatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6dPatchThird Party Advisory
https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3PatchThird Party Advisory

FAQ

What is CVE-2021-4048?

CVE-2021-4048 is a vulnerability with a CVSS score of 9.1 (CRITICAL). An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs pass...

How severe is CVE-2021-4048?

CVE-2021-4048 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-4048?

Check the references section above for vendor advisories and patch information. Affected products include: Lapack Project Lapack, Openblas Project Openblas, Julialang Julia, Redhat Ceph Storage, Redhat Openshift Container Storage.