5.5

CVE-2021-3744

Exploit
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.15
LinuxLinux Kernel Version5.15 Update-
LinuxLinux Kernel Version5.15 Updaterc1
LinuxLinux Kernel Version5.15 Updaterc2
LinuxLinux Kernel Version5.15 Updaterc3
FedoraprojectFedora Version33
FedoraprojectFedora Version34
FedoraprojectFedora Version35
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
RedhatBuild Of Quarkus Version2.0
RedhatDeveloper Tools Version1.0
RedhatEnterprise Linux Eus Version8.6
RedhatVirtualization Host Version4.0
   RedhatEnterprise Linux Version8.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.53% 0.411
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/14/1
Third Party Advisory
Exploit
Mailing List
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory
Mailing List
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
Third Party Advisory
Issue Tracking
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
Patch
Third Party Advisory
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0
Patch
Third Party Advisory
Mailing List
https://seclists.org/oss-sec/2021/q3/164
Patch
Third Party Advisory
Exploit
Mailing List