Vulnerability-Lookup

alsa-2022:7639

Vulnerability from osv_almalinux

Published

2022-11-08 00:00

Modified

2022-11-14 18:11

Summary

Moderate: openblas security update

Details

OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version.

Security Fix(es):

lapack: Out-of-bounds read in *larrv (CVE-2021-4048)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2022:7639	ADVISORY
	https://access.redhat.com/security/cve/CVE-2021-4048	REPORT
	https://bugzilla.redhat.com/2024358	REPORT
	https://errata.almalinux.org/8/ALSA-2022-7639.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-Rblas"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-openmp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-openmp64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-openmp64_"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-serial64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-serial64_"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-static"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-threads"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-threads64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "openblas-threads64_"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.15-4.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "OpenBLAS is an optimized BLAS library based on GotoBLAS2 1.13 BSD version.\n\nSecurity Fix(es):\n\n* lapack: Out-of-bounds read in *larrv (CVE-2021-4048)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2022:7639",
  "modified": "2022-11-14T18:11:33Z",
  "published": "2022-11-08T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2022:7639"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2021-4048"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2024358"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2022-7639.html"
    }
  ],
  "related": [
    "CVE-2021-4048"
  ],
  "summary": "Moderate: openblas security update"
}

CVE-2021-4048 (GCVE-0-2021-4048)

Vulnerability from cvelistv5 – Published: 2021-12-08 21:24 – Updated: 2024-08-03 17:16

Summary

An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory.

Severity ?

No CVSS data available.

CWE

CWE-125

Assigner

redhat

References

URL

Tags

	https://github.com/Reference-LAPACK/lapack/pull/625	x_refsource_MISC
	https://github.com/Reference-LAPACK/lapack/commit…	x_refsource_MISC
	https://github.com/JuliaLang/julia/issues/42415	x_refsource_MISC
	https://github.com/xianyi/OpenBLAS/commit/337b651…	x_refsource_MISC
	https://github.com/xianyi/OpenBLAS/commit/2be5ee3…	x_refsource_MISC
	https://github.com/xianyi/OpenBLAS/commit/fe497ef…	x_refsource_MISC
	https://github.com/xianyi/OpenBLAS/commit/ddb0ff5…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	lapack	Affected: lapack through version 3.10.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:16:03.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Reference-LAPACK/lapack/pull/625"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/JuliaLang/julia/issues/42415"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7"
          },
          {
            "name": "FEDORA-2021-0d4b58060d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/"
          },
          {
            "name": "FEDORA-2021-aec9d01057",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "lapack",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "lapack through version 3.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-18T02:06:09.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Reference-LAPACK/lapack/pull/625"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/JuliaLang/julia/issues/42415"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7"
        },
        {
          "name": "FEDORA-2021-0d4b58060d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/"
        },
        {
          "name": "FEDORA-2021-aec9d01057",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-4048",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "lapack",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "lapack through version 3.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version 0.3.18. Specially crafted inputs passed to these functions could cause an application using lapack to crash or possibly disclose portions of its memory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Reference-LAPACK/lapack/pull/625",
              "refsource": "MISC",
              "url": "https://github.com/Reference-LAPACK/lapack/pull/625"
            },
            {
              "name": "https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781",
              "refsource": "MISC",
              "url": "https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781"
            },
            {
              "name": "https://github.com/JuliaLang/julia/issues/42415",
              "refsource": "MISC",
              "url": "https://github.com/JuliaLang/julia/issues/42415"
            },
            {
              "name": "https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41",
              "refsource": "MISC",
              "url": "https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41"
            },
            {
              "name": "https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c",
              "refsource": "MISC",
              "url": "https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c"
            },
            {
              "name": "https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7",
              "refsource": "MISC",
              "url": "https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7"
            },
            {
              "name": "https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7",
              "refsource": "MISC",
              "url": "https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7"
            },
            {
              "name": "FEDORA-2021-0d4b58060d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DROZM4M2QRKSD6FBO4BHSV2QMIRJQPHT/"
            },
            {
              "name": "FEDORA-2021-aec9d01057",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QFEVOCUG2UXMVMFMTU4ONJVDEHY2LW2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-4048",
    "datePublished": "2021-12-08T21:24:42.000Z",
    "dateReserved": "2021-12-02T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:16:03.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted