
Cloud Vulnerability DB
A community-led vulnerabilities database
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The vulnerability was discovered in January 2021 and patched in February 2021. The vulnerability affects Linux Kernel versions 5.4.54, 5.4.66, and up to version 5.11-rc4. This issue was fixed in kernel releases: 4.14.222, 4.19.177, 5.4.99, 5.10.17, and 5.11 (Talos Advisory).
The vulnerability exists in the ARM SIGPAGE functionality where uninitialized memory is exposed to userland processes. When the kernel initializes the signal page using `get_signal_page()`, it allocates a page of memory using `alloc_pages(GFP_KERNEL, 0)` but does not zero the memory before use. While a portion of this page is used to store signal handler instructions, the remaining uninitialized memory can contain kernel data. The vulnerability has a CVSS v3.1 base score of 3.3 (LOW) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (NVD).
Any userland process can read the [sigpage] mapping within its own virtual memory space to leak kernel data. The leaked data persists until the device reboots. The contents of this page depend on the device itself and may contain data from a previous boot if the device was not shut down for very long (Talos Advisory).
The vulnerability was fixed in kernel releases 4.14.222, 4.19.177, 5.4.99, 5.10.17, and 5.11. Users should upgrade to these or later versions to mitigate the vulnerability (NVD).
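To check a host against the fixed releases listed above, the following is an added example and not part of the advisory or the kernel project. The function name `sigpage_status`, its output labels, and the `armv*` machine-name test are assumptions made for illustration; branches for which this page lists no fixed release are reported as `unknown`.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a kernel release against the
# fixed releases listed on this page: 4.14.222, 4.19.177, 5.4.99, 5.10.17, 5.11.
# Prints one of: not-arm | fixed | unpatched | unknown
sigpage_status() {
    rel=${1:-$(uname -r)}
    arch=${2:-$(uname -m)}
    # Assumption: 32-bit ARM kernels report armv* (armv6l, armv7l, ...) in uname -m.
    case $arch in
        armv*) ;;
        *) echo not-arm; return 0 ;;
    esac
    ver=${rel%%[-+]*}                  # drop vendor/rc suffix: 5.4.66-v7l+ -> 5.4.66
    case $ver in *.*) ;; *) echo unknown; return 0 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    case "$major.$minor" in            # first fixed patch level per stable branch
        4.14) fix=222 ;;
        4.19) fix=177 ;;
        5.4)  fix=99 ;;
        5.10) fix=17 ;;
        *)    fix= ;;
    esac
    if [ -n "$fix" ]; then
        if [ "$patch" -ge "$fix" ]; then echo fixed; else echo unpatched; fi
    elif [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 11 ]; }; then
        case "$major.$minor:$rel" in
            5.11:*-rc[1-4]|5.11:*-rc[1-4][!0-9]*) echo unpatched ;;  # affected up to 5.11-rc4
            5.11:*-rc*) echo unknown ;;                              # later rc: not stated on the page
            *) echo fixed ;;
        esac
    else
        echo unknown                   # branch has no fixed release listed on this page
    fi
}
sigpage_status "$@"
```

Run it with no arguments to classify the current host, or pass a release string and machine name (for example from an asset inventory) as the first and second arguments.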
Source: This report was generated using AI