CRITICAL🇵🇱 Wersja polska

CVE-2021-36357

CVSS 9.8v3.1pub. 2021-10-22upd. 2024-11-21

An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Openpowerfoundation Skiboot

    OS
    Openpowerfoundation
    2.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References