6741 - Lattice Security Notification: Apache Log4j Vulnerability (CVE-2021-44228, CVE-2021-45046) ("Log4j Vulnerability")
Description:
Industry-wide security vulnerabilities in Apache Log4j Java logging library (a logging tool used in many Java-based applications) may allow escalation of privilege or denial of service as described in CVE (Common Vulnerabilities Enumeration) 2021-44228 and CVE-2021-45046.
Industry-wide security vulnerabilities in Apache Log4j Java logging library (a logging tool used in many Java-based applications) may allow escalation of privilege or denial of service as described in CVE (Common Vulnerabilities Enumeration) 2021-44228 and CVE-2021-45046.
After an initial investivation, we believe that our IT infrastructure is not impacted by this vulnerability.
Lattice is actively investigating whether any of its products are potentially impacted by the Log4j Vulnerability. Findings from this investigation to-date can be found below.
Vulnerability Details:
For more information on this vulnerability, please see the listings on the National Vulnerability Database:
For more information on this vulnerability, please see the listings on the National Vulnerability Database:
CVE ID: CVE-2021-44228
CVE ID: CVE-2021-45046
Product Portfolio:
At this time, after initial investigation, Lattice believes that the following software versions are not impacted by the Log4j vulnerability
At this time, after initial investigation, Lattice believes that the following software versions are not impacted by the Log4j vulnerability
No further action is needed if using the FPGA design tools above.
Other Lattice design tools (such as development board utilities and drivers) and solution stacks are currently under investigation.
Additional Information:
Lattice will update the status through our website as the investigation proceeds and as additional information becomes available.
Tags: log4j, log4j2, logshell, Apache, security, CVE, 44228, 45046
Additional Information:
Lattice will update the status through our website as the investigation proceeds and as additional information becomes available.
Tags: log4j, log4j2, logshell, Apache, security, CVE, 44228, 45046
Related Articles
6227 - Lattice Security Notification: Apache Log4j Vulnerability (CVE-2021-44228, CVE-2021-45046) ("Log4j Vulnerability")
Summary: Industry-wide security vulnerabilities in Apache Log4j Java logging library (a logging tool used in many Java-based applications) may allow escalation of privilege or denial of service as described in CVE (Common Vulnerabilities Enumeration) ...6525 - Lattice Diamond: Why do i encounter a WARNING from my design relating to Diamond's Security feature?
Description: When user design is compiled (Synthesis --> Bitstream) a Warning shown below is encountered WARNING -Security project file open Error! Security feature is turned OFF! Solution: The warning is valid and is just providing message that the ...6526 - Lattice Diamond: Why do I encounter an installation error when installing Diamond Programmer_Encryption_Security pack?
Description: When a user install the Diamond Programmer encryption security pack an error (sample error shown below) is encountered: "Unable to install Diamond Programmer_Encryption_Security 3.12.1.454.2. The Diamond Programmer version 3.12 ...679 - Lattice ispVM: Why do I get the warning "Cannot write to selected Working directory. Select another one." when I start the ispVM System software tool?
Description: When you install your Lattice ispLEVER or Lattice Diamond software for the first time, the included ispVM software uses default paths for Device Database Location, Start Directory, Working Directory, and Log File Name. The root directory ...732 - Lattice Diamond: What is the purpose of the .lpc file generated by IPExpress ?
Lattice Diamond: The .lpc (Lattice Parameter Configuration) file is a text file that contains values entered for IPexpress modules and IP cores. It has two main functions: It is used by IPexpress to store the user-selected values of settings for ...