CVE-2021-3744

Description

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Related CPE's

olinuxlinux_kernel********

olinuxlinux_kernel5.15-******

olinuxlinux_kernel5.15rc1******

olinuxlinux_kernel5.15rc2******

olinuxlinux_kernel5.15rc3******

ofedoraprojectfedora33*******

ofedoraprojectfedora34*******

ofedoraprojectfedora35*******

odebiandebian_linux9.0*******

odebiandebian_linux10.0*******

References

https://seclists.org/oss-sec/2021/q3/164

ExploitMailing ListPatchThird Party Advisory

https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680

PatchThird Party Advisory

https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0

Mailing ListPatchThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2000627

Issue TrackingThird Party Advisory

[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update

Mailing ListThird Party Advisory

DSA-5096

Third Party Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

NONE

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

NONE

PrivilegesRequired

LOW

BaseScore

5.5

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

NONE

AvailabilityImpact

PARTIAL

IntegrityImpact

NONE

BaseScore

2.1

VectorString

AV:L/AC:L/Au:N/C:N/I:N/A:P

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io