3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
15.8%
A vulnerability was found in the Linux kernel in versions prior to
v5.14-rc1. Missing size validations on inbound SCTP packets may allow the
kernel to read uninitialized memory.
Author | Note |
---|---|
sbeattie | original patch set introduced a bug, 557fb5862c9272ad9b21407afe1da8acfd9b53eb is needed to fix it |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < 5.4.0-91.102 | UNKNOWN |
ubuntu | 21.10 | noarch | linux | < 5.13.0-22.22 | UNKNOWN |
ubuntu | 18.04 | noarch | linux | < 4.15.0-162.170 | UNKNOWN |
ubuntu | 21.04 | noarch | linux | < 5.11.0-41.45 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1060.63 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1022.23 | UNKNOWN |
ubuntu | 21.10 | noarch | linux-aws | < 5.13.0-1007.8 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1115.122 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.11 | < 5.11.0-1022.23~20.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws-5.4 | < 5.4.0-1060.63~18.04.1 | UNKNOWN |
git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=f9beb95e6a2669fa35e34a6ff52808b181efa20f
launchpad.net/bugs/cve/CVE-2021-3655
lore.kernel.org/netdev/599e6c1fdcc50f16597380118c9b3b6790241d50.1627439903.git.marcelo.leitner@gmail.com/
lore.kernel.org/netdev/e39b372644b6e5bf48df25e54b9172f34ec223a1.1624904195.git.marcelo.leitner@gmail.com/T/
nvd.nist.gov/vuln/detail/CVE-2021-3655
security-tracker.debian.org/tracker/CVE-2021-3655
ubuntu.com/security/notices/USN-5136-1
ubuntu.com/security/notices/USN-5139-1
ubuntu.com/security/notices/USN-5161-1
ubuntu.com/security/notices/USN-5162-1
ubuntu.com/security/notices/USN-5163-1
www.cve.org/CVERecord?id=CVE-2021-3655
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0005 Low
EPSS
Percentile
15.8%