CVE-2021-3744 — MEDIUM (5.5)

Q: How severe is CVE-2021-3744?

CVE-2021-3744 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3744?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux, Redhat Build Of Quarkus, Redhat Codeready Linux Builder.

Vulnerability Description

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.15
Fedoraproject	Fedora	33
Debian	Debian Linux	9.0
Redhat	Build Of Quarkus	2.0
Redhat	Codeready Linux Builder	8.0
Redhat	Codeready Linux Builder Eus	8.6
Redhat	Codeready Linux Builder For Power Little Endian	8.0
Redhat	Codeready Linux Builder For Power Little Endian Eus	8.6
Redhat	Developer Tools	1.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.6
Redhat	Enterprise Linux For Power Little Endian Eus	8.6
Redhat	Enterprise Linux For Real Time	8
Redhat	Enterprise Linux For Real Time For Nfv	8
Redhat	Enterprise Linux For Real Time For Nfv Tus	8.6
Redhat	Enterprise Linux Server Eus	8.6
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6
Redhat	Enterprise Linux Server Tus	8.6
Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.6
Redhat	Virtualization Host	4.0

Related Weaknesses (CWE)

CWE-401

References

http://www.openwall.com/lists/oss-security/2021/09/14/1ExploitMailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2000627Issue TrackingThird Party Advisory
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae68PatchThird Party Advisory
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/50Mailing ListPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://seclists.org/oss-sec/2021/q3/164ExploitMailing ListPatch
https://www.debian.org/security/2022/dsa-5096Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/14/1ExploitMailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2000627Issue TrackingThird Party Advisory
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae68PatchThird Party Advisory
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/50Mailing ListPatchThird Party Advisory

FAQ

What is CVE-2021-3744?

CVE-2021-3744 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This v...

How severe is CVE-2021-3744?

CVE-2021-3744 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3744?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Debian Debian Linux, Redhat Build Of Quarkus, Redhat Codeready Linux Builder.