5.5
CVE-2021-3744
- EPSS 0.53%
- Veröffentlicht 04.03.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:22:19
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.15
Linux ≫ Linux Kernel Version5.15 Update-
Linux ≫ Linux Kernel Version5.15 Updaterc1
Linux ≫ Linux Kernel Version5.15 Updaterc2
Linux ≫ Linux Kernel Version5.15 Updaterc3
Fedoraproject ≫ Fedora Version33
Fedoraproject ≫ Fedora Version34
Fedoraproject ≫ Fedora Version35
Debian ≫ Debian Linux Version9.0
Debian ≫ Debian Linux Version10.0
Redhat ≫ Build Of Quarkus Version2.0
Redhat ≫ Codeready Linux Builder Version8.0
Redhat ≫ Codeready Linux Builder Eus Version8.6
Redhat ≫ Codeready Linux Builder For Power Little Endian Version8.0
Redhat ≫ Developer Tools Version1.0
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6
Redhat ≫ Enterprise Linux For Real Time Version8
Redhat ≫ Enterprise Linux For Real Time Version8.6
Redhat ≫ Enterprise Linux For Real Time For Nfv Version8
Redhat ≫ Enterprise Linux For Real Time For Nfv Tus Version8.6
Redhat ≫ Enterprise Linux Server Eus Version8.6
Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6
Redhat ≫ Enterprise Linux Server Tus Version8.6
Redhat ≫ Virtualization Host Version4.0
Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.1.3
Oracle ≫ Communications Cloud Native Core Network Exposure Function Version22.1.1
Oracle ≫ Communications Cloud Native Core Policy Version22.2.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.411 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://www.oracle.com/security-alerts/cpujul2022.html
http://www.openwall.com/lists/oss-security/2021/09/14/1
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
https://www.debian.org/security/2022/dsa-5096
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0
https://seclists.org/oss-sec/2021/q3/164