Bug#996098: libxsmm: CVE-2021-39535 CVE-2021-39536
Salvatore Bonaccorso
carnil at debian.org
Mon Oct 11 09:01:42 BST 2021
Source: libxsmm
Version: 1.9-2
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for libxsmm.
CVE-2021-39535[0]:
| An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer
| dereference exists in JIT code. It allows an attacker to cause Denial
| of Service.
CVE-2021-39536[1]:
| An issue was discovered in libxsmm through v1.16.1-93. The JIT code
| has a heap-based buffer overflow.
Severity is slight overrated here, but making it RC to make sure fixed
version can land in bookworm.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-39535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39535
[1] https://security-tracker.debian.org/tracker/CVE-2021-39536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39536
Regards,
Salvatore
More information about the debian-science-maintainers
mailing list