{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"linuxptp security update", "category":"general", "title":"Synopsis" }, { "text":"An update for linuxptp is now available for openEuler-20.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"Linuxptp is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. Supporting legacy APIs and other platforms is not a goal.\n\nSecurity Fix(es):\n\nA flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.(CVE-2021-3571)", "category":"general", "title":"Description" }, { "text":"An update for linuxptp is now available for openEuler-20.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"linuxptp", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2021-1267", "category":"self", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1267" }, { "summary":"CVE-2021-3571", "category":"self", "url":"https://openeuler.org/en/security/cve/detail?cveId=CVE-2021-3571&packageName=linuxptp" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3571" }, { "summary":"openEuler-SA-2021-1267 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2021/csaf-openeuler-sa-2021-1267.json" } ], "title":"An update for linuxptp is now available for openEuler-20.03-LTS-SP1", "tracking":{ "initial_release_date":"2021-07-17T09:21:10+08:00", "revision_history":[ { "date":"2021-07-17T09:21:10+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:21:10+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:21:10+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:21:10+08:00", "id":"openEuler-SA-2021-1267", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"openEuler-20.03-LTS-SP1", "name":"openEuler-20.03-LTS-SP1" }, "name":"openEuler-20.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"linuxptp-2.0-4.oe1.aarch64.rpm" }, "name":"linuxptp-2.0-4.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-debuginfo-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"linuxptp-debuginfo-2.0-4.oe1.aarch64.rpm" }, "name":"linuxptp-debuginfo-2.0-4.oe1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-debugsource-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "name":"linuxptp-debugsource-2.0-4.oe1.aarch64.rpm" }, "name":"linuxptp-debugsource-2.0-4.oe1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-help-2.0-4.oe1.noarch.rpm(20.03-LTS-SP1)", "name":"linuxptp-help-2.0-4.oe1.noarch.rpm" }, "name":"linuxptp-help-2.0-4.oe1.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-2.0-4.oe1.src.rpm(20.03-LTS-SP1)", "name":"linuxptp-2.0-4.oe1.src.rpm" }, "name":"linuxptp-2.0-4.oe1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-debuginfo-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"linuxptp-debuginfo-2.0-4.oe1.x86_64.rpm" }, "name":"linuxptp-debuginfo-2.0-4.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-debugsource-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"linuxptp-debugsource-2.0-4.oe1.x86_64.rpm" }, "name":"linuxptp-debugsource-2.0-4.oe1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP1" }, "product_id":"linuxptp-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "name":"linuxptp-2.0-4.oe1.x86_64.rpm" }, "name":"linuxptp-2.0-4.oe1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.aarch64", "name":"linuxptp-2.0-4.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-debuginfo-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.aarch64", "name":"linuxptp-debuginfo-2.0-4.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-debugsource-2.0-4.oe1.aarch64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.aarch64", "name":"linuxptp-debugsource-2.0-4.oe1.aarch64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-help-2.0-4.oe1.noarch.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-help-2.0-4.oe1.noarch", "name":"linuxptp-help-2.0-4.oe1.noarch as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-2.0-4.oe1.src.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.src", "name":"linuxptp-2.0-4.oe1.src as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-debuginfo-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.x86_64", "name":"linuxptp-debuginfo-2.0-4.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-debugsource-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.x86_64", "name":"linuxptp-debugsource-2.0-4.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP1", "product_reference":"linuxptp-2.0-4.oe1.x86_64.rpm(20.03-LTS-SP1)", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.x86_64", "name":"linuxptp-2.0-4.oe1.x86_64 as a component of openEuler-20.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2021-3571", "notes":[ { "text":"A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-help-2.0-4.oe1.noarch", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.src", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-help-2.0-4.oe1.noarch", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.src", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.x86_64" ], "details":"linuxptp security update", "category":"vendor_fix", "url":"https://openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1267" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.aarch64", "openEuler-20.03-LTS-SP1:linuxptp-help-2.0-4.oe1.noarch", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.src", "openEuler-20.03-LTS-SP1:linuxptp-debuginfo-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-debugsource-2.0-4.oe1.x86_64", "openEuler-20.03-LTS-SP1:linuxptp-2.0-4.oe1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2021-3571" } ] }