CVE-2021-36357

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:openpowerfoundation:skiboot:2.6:*:*:*:*:*:*:*

Information

Published : 2021-10-22 05:15

Updated : 2021-10-27 05:30


NVD link : CVE-2021-36357

Mitre link : CVE-2021-36357


JSON object : View

CWE
CWE-681

Incorrect Conversion between Numeric Types

Advertisement

dedicated server usa

Products Affected

openpowerfoundation

  • skiboot