CVE-2021-43389 — MEDIUM (5.5)

Q: What is CVE-2021-43389?

CVE-2021-43389 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

Q: How severe is CVE-2021-43389?

CVE-2021-43389 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-43389?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Debian Debian Linux, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Exposure Function.

Vulnerability Description

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 5.14.15
Redhat	Enterprise Linux	8.0
Debian	Debian Linux	9.0
Oracle	Communications Cloud Native Core Binding Support Function	22.1.3
Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1
Oracle	Communications Cloud Native Core Policy	22.2.0

Related Weaknesses (CWE)

CWE-125

References

http://www.openwall.com/lists/oss-security/2021/11/05/1Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2013180Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15Mailing ListRelease NotesThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1fMailing ListPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.htmlMailing ListThird Party Advisory
https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-
https://seclists.org/oss-sec/2021/q4/39ExploitMailing ListThird Party Advisory
https://www.debian.org/security/2022/dsa-5096Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/05/1Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2013180Issue TrackingPatchThird Party Advisory
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15Mailing ListRelease NotesThird Party Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1fMailing ListPatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2021-43389?

CVE-2021-43389 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

How severe is CVE-2021-43389?

CVE-2021-43389 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-43389?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Redhat Enterprise Linux, Debian Debian Linux, Oracle Communications Cloud Native Core Binding Support Function, Oracle Communications Cloud Native Core Network Exposure Function.