Bug#996098: libxsmm: CVE-2021-39535 CVE-2021-39536

Salvatore Bonaccorso carnil at debian.org
Mon Oct 11 09:01:42 BST 2021


Source: libxsmm
Version: 1.9-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>

Hi,

The following vulnerabilities were published for libxsmm.

CVE-2021-39535[0]:
| An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer
| dereference exists in JIT code. It allows an attacker to cause Denial
| of Service.


CVE-2021-39536[1]:
| An issue was discovered in libxsmm through v1.16.1-93. The JIT code
| has a heap-based buffer overflow.

Severity is slightly overrated here, but making it RC to make sure a fixed
version can land in bookworm.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-39535
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39535
[1] https://security-tracker.debian.org/tracker/CVE-2021-39536
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39536

Regards,
Salvatore


