Lucene search

[email protected]NVD:CVE-2021-3744

HistoryMar 04, 2022 - 4:15 p.m.

CVE-2021-3744

2022-03-0416:15:08

CWE-401

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.4%

JSON

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Affected configurations

NVD

Node

linuxlinux_kernelRange<5.15

linuxlinux_kernelMatch5.15-

linuxlinux_kernelMatch5.15rc1

linuxlinux_kernelMatch5.15rc2

linuxlinux_kernelMatch5.15rc3

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch9.0

debiandebian_linuxMatch10.0

Node

redhatbuild_of_quarkusMatch2.0

redhatcodeready_linux_builderMatch8.0

redhatcodeready_linux_builder_eusMatch8.6

redhatcodeready_linux_builder_for_power_little_endianMatch8.0

redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.6

redhatdeveloper_toolsMatch1.0

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6

redhatenterprise_linux_for_power_little_endian_eusMatch8.6

redhatenterprise_linux_for_real_timeMatch8

redhatenterprise_linux_for_real_timeMatch8.6

redhatenterprise_linux_for_real_time_for_nfvMatch8

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.6

redhatenterprise_linux_server_eusMatch8.6

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.6

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.6

Node

redhatenterprise_linuxMatch8.0

AND

redhatvirtualization_hostMatch4.0

Node

oraclecommunications_cloud_native_core_binding_support_functionMatch22.1.3

oraclecommunications_cloud_native_core_network_exposure_functionMatch22.1.1

oraclecommunications_cloud_native_core_policyMatch22.2.0

References

www.openwall.com/lists/oss-security/2021/09/14/1

bugzilla.redhat.com/show_bug.cgi?id=2000627

github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680

kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0

lists.debian.org/debian-lts-announce/2022/03/msg00012.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/

seclists.org/oss-sec/2021/q3/164

www.debian.org/security/2022/dsa-5096

www.oracle.com/security-alerts/cpujul2022.html

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for NVD:CVE-2021-3744

prion3 osv12 redhatcve3 cvelist3 ubuntucve3 cve3 debiancve3 nessus70 nvd2 f51 veracode2 cbl_mariner1 openvas48 fedora10 amazon3 ubuntu8 cloudfoundry3 oraclelinux3 mageia2 suse6 redhat4 photon1 ibm2 rocky1 almalinux2