Candidate: CVE-2021-4048
PublicDate: 2021-12-08 22:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4048
Description:
 An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and
 ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS
 before version 0.3.18. Specially crafted inputs passed to these functions
 could cause an application using lapack to crash or possibly disclose
 portions of its memory.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://github.com/JuliaLang/julia/issues/42415
 https://bugzilla.redhat.com/show_bug.cgi?id=2024358
 https://bugs.launchpad.net/ubuntu/+source/lapack/+bug/1968043
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H [9.1 CRITICAL]

Patches_lapack:
 upstream: https://github.com/Reference-LAPACK/lapack/pull/625
 upstream: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781
upstream_lapack: released (3.10.0-2)
esm-infra/xenial_lapack: needed
trusty_lapack: ignored (out of standard support)
xenial_lapack: ignored (out of standard support)
bionic_lapack: needed
focal_lapack: needed
hirsute_lapack: ignored (reached end-of-life)
impish_lapack: needed
jammy_lapack: not-affected (3.10.0-2ubuntu1)
devel_lapack: not-affected (3.10.0-2ubuntu1)

Patches_openblas:
upstream_openblas: released (0.3.18+ds-1)
trusty/esm_openblas: needs-triage
trusty_openblas: ignored (out of standard support)
xenial_openblas: ignored (out of standard support)
bionic_openblas: needed
focal_openblas: needed
hirsute_openblas: ignored (reached end-of-life)
impish_openblas: needed
jammy_openblas: not-affected (0.3.18+ds-2)
devel_openblas: not-affected (0.3.18+ds-2)