CVE-2021-4048
Last modified
CVE-2021-4048 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.. EPSS estimates a 2.62% chance of exploitation in the next 30 days.
Description
An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Lapack Project | Lapack | <= 3.10.0 | — |
| Openblas Project | Openblas | < 0.3.18 | — |
| Julialang | Julia | <= 1.6.3 | — |
| Julialang | Julia | 1.7.0 | Beta1 |
| Redhat | Ceph Storage | 2.0 | — |
| Redhat | Ceph Storage | 3.0 | — |
| Redhat | Ceph Storage | 4.0 | — |
| Redhat | Ceph Storage | 5.0 | — |
| Redhat | Openshift Container Storage | 4.0 | — |
| Redhat | Openshift Data Foundation | 4.0 | — |
| Redhat | Enterprise Linux | 8.0 | — |
| Fedoraproject | Fedora | 34 | — |
| Fedoraproject | Fedora | 35 | — |
References
- https://github.com/JuliaLang/julia/issues/42415Issue Tracking, Patch, Third Party Advisory
- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781Patch, Third Party Advisory
- https://github.com/Reference-LAPACK/lapack/pull/625Issue Tracking, Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050cPatch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7Patch, Third Party Advisory
- https://github.com/JuliaLang/julia/issues/42415Issue Tracking, Patch, Third Party Advisory
- https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781Patch, Third Party Advisory
- https://github.com/Reference-LAPACK/lapack/pull/625Issue Tracking, Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050cPatch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7Patch, Third Party Advisory
- https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-4048?
How severe is CVE-2021-4048?
How do I fix CVE-2021-4048?
Are you affected by CVE-2021-4048?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST