A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Debian
  • Debian Linux
Fedoraproject
  • Fedora
Linux
  • Linux Kernel
Oracle
  • Communications Cloud Native Core Binding Support Function
  • Communications Cloud Native Core Network Exposure Function
  • Communications Cloud Native Core Policy
Redhat
  • Build Of Quarkus
  • Codeready Linux Builder
  • Codeready Linux Builder Eus
  • Codeready Linux Builder For Power Little Endian
  • Codeready Linux Builder For Power Little Endian Eus
  • Developer Tools
  • Enterprise Linux
  • Enterprise Linux Eus
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux For Real Time
  • Enterprise Linux For Real Time For Nfv
  • Enterprise Linux For Real Time For Nfv Tus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
  • Enterprise Linux Server Tus
  • Enterprise Linux Server Update Services For Sap Solutions
  • Virtualization Host

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:redhat:build_of_quarkus:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-372.9.1.rt7.166.el8 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2022:1975 2022-05-10T00:00:00Z
kernel-0:4.18.0-372.9.1.el8 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:1988 2022-05-10T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2021/09/14/1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2000627 cve-icon cve-icon
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680 cve-icon cve-icon
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-3744 cve-icon
https://seclists.org/oss-sec/2021/q3/164 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-3744 cve-icon
https://www.debian.org/security/2022/dsa-5096 cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-03-04T15:55:17

Updated: 2024-08-03T17:01:08.447Z

Reserved: 2021-08-27T00:00:00

Link: CVE-2021-3744

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-04T16:15:08.817

Modified: 2024-11-21T06:22:19.033

Link: CVE-2021-3744

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-08-20T00:00:00Z

Links: CVE-2021-3744 - Bugzilla