CVE-2021-3764

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2021-3764	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1997467	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680	Patch Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-3764	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3764	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1997467	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680	Patch Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-3764	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.15:-::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:5.15:rc3::::::

History

No history.

Information

Published : 2022-08-23 16:15

Updated : 2024-11-21 06:22

NVD link : CVE-2021-3764

Mitre link : CVE-2021-3764

CVE.ORG link : CVE-2021-3764

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-401

Missing Release of Memory after Effective Lifetime

{"id": "CVE-2021-3764", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-23T16:15:09.837", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-3764", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-3764", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3764", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1997467", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2021-3764", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-401"}]}], "descriptions": [{"lang": "en", "value": "A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo de p\u00e9rdida de memoria en la funci\u00f3n ccp_run_aes_gcm_cmd() del kernel de Linux que permite a un atacante causar una denegaci\u00f3n de servicio. La vulnerabilidad es similar a la anterior CVE-2019-18808. La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema."}], "lastModified": "2024-11-21T06:22:22.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BBD585C2-3F95-4E2A-BD16-33C3A6211557", "versionEndIncluding": "5.14.20"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40D9C0D1-0F32-4A2B-9840-1072F5497540"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E46C74C6-B76B-4C94-A6A4-FD2FFF62D644"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60134C3A-06E4-48C1-B04F-2903732A4E56"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0460DA88-8FE1-46A2-9DDA-1F1ABA552E71"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}