CVE-2021-3979 — MEDIUM (6.5)

Vulnerability Description

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Ceph Storage	3.0
Redhat	Openshift Container Storage	4.0
Redhat	Openshift Data Foundation	4.0
Redhat	Openstack Platform	13.0
Redhat	Ceph Storage For Ibm Z Systems	4.0
Redhat	Ceph Storage For Power	4.0
Redhat	Enterprise Linux	8.0
Fedoraproject	Fedora	35

Related Weaknesses (CWE)

CWE-287 CWE-327

References

https://access.redhat.com/security/cve/CVE-2021-3979Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024788Issue TrackingVendor Advisory
https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656PatchThird Party Advisory
https://github.com/ceph/ceph/pull/44765PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing List
https://tracker.ceph.com/issues/54006Issue TrackingVendor Advisory
https://access.redhat.com/security/cve/CVE-2021-3979Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024788Issue TrackingVendor Advisory
https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656PatchThird Party Advisory
https://github.com/ceph/ceph/pull/44765PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
https://lists.debian.org/debian-lts-announce/2025/09/msg00025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproMailing List
https://tracker.ceph.com/issues/54006Issue TrackingVendor Advisory

FAQ

What is CVE-2021-3979?

CVE-2021-3979 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker a...

How severe is CVE-2021-3979?

CVE-2021-3979 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3979?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Ceph Storage, Redhat Openshift Container Storage, Redhat Openshift Data Foundation, Redhat Openstack Platform, Redhat Ceph Storage For Ibm Z Systems.