Description

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Related CPE's

o

linux

linux_kernel

5

o

fedoraproject

fedora

3

o

debian

debian_linux

2

a

redhat

build_of_quarkus

2.0

Vulnerable

a

redhat

codeready_linux_builder

8.0

Vulnerable

a

redhat

codeready_linux_builder_eus

8.6

Vulnerable

a

redhat

codeready_linux_builder_for_power_little_endian

8.0

Vulnerable

a

redhat

codeready_linux_builder_for_power_little_endian_eus

8.6

Vulnerable

a

redhat

developer_tools

1.0

Vulnerable

o

redhat

enterprise_linux_eus

8.6

Vulnerable

o

redhat

enterprise_linux_for_ibm_z_systems_eus

8.6

Vulnerable

o

redhat

enterprise_linux_for_power_little_endian_eus

8.6

Vulnerable

o

redhat

enterprise_linux_for_real_time

2

o

redhat

enterprise_linux_for_real_time_for_nfv

8

Vulnerable

o

redhat

enterprise_linux_for_real_time_for_nfv_tus

8.6

Vulnerable

o

redhat

enterprise_linux_server_eus

8.6

Vulnerable

o

redhat

enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions

8.6

Vulnerable

o

redhat

enterprise_linux_server_tus

8.6

Vulnerable

o

redhat

enterprise_linux_server_update_services_for_sap_solutions

8.6

Vulnerable

a

redhat

virtualization_host

4.0

Vulnerable

o

redhat

enterprise_linux

8.0

a

oracle

communications_cloud_native_core_binding_support_function

22.1.3

Vulnerable

a

oracle

communications_cloud_native_core_network_exposure_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_policy

22.2.0

Vulnerable

References

http://www.openwall.com/lists/oss-security/2021/09/14/1

ExploitMailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2000627

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680

PatchThird Party Advisory

https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0

Mailing ListPatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/

https://seclists.org/oss-sec/2021/q3/164

ExploitMailing ListPatchThird Party Advisory

https://www.debian.org/security/2022/dsa-5096

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-401

[email protected]

Secondary
CWE-401

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

5.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-03-04T16:15:08.817

3 years ago

Last modified

2023-02-12T23:42:42.287

2 years ago