blob: 765e9b071685c5758a98e5c772ed97d0021f7316 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Description: ARM: footbridge: array overrun issue
References:
https://kirtikumarar.com/CVE-2021-32078.txt
Notes:
carnil> Issue is in the "personal server platform", which is not
carnil> enabled in Debian. Furthermore the fixing commit just removes
carnil> the whole code, which is believed that no one is using it.
bwh> The affected platform has a StrongArm (ARM v4) CPU which was only
bwh> supported by Debian's original arm architecture, not armel.
bwh> Also this issue involves untrusted data from a PCI device, but
bwh> the affected systems don't have an IOMMU so all PCI devices must
bwh> be trusted.
Bugs:
upstream: released (5.13-rc1) [298a58e165e447ccfaae35fe9f651f9d7e15166f]
5.10-upstream-stable: ignored "Not a real security issue"
4.19-upstream-stable: ignored "Not a real security issue"
4.9-upstream-stable: ignored "Not a real security issue"
sid: released (5.14.6-1)
5.10-bullseye-security: ignored "Not applicable to any Debian architecture"
4.19-buster-security: ignored "Not applicable to any Debian architecture"
4.9-stretch-security: ignored "Not applicable to any Debian architecture"
|