CVE-2021-3744

Summary

CVE	CVE-2021-3744
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-03-04 16:15:00 UTC
Updated	2023-02-12 23:42:00 UTC
Description	A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Risk And Classification

Problem Types: CWE-401

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.15	-	All	All
Operating System	Linux	Linux Kernel	5.15	rc1	All	All
Operating System	Linux	Linux Kernel	5.15	rc2	All	All
Operating System	Linux	Linux Kernel	5.15	rc3	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All
Application	Redhat	Build Of Quarkus	2.0	All	All	All
Application	Redhat	Codeready Linux Builder	8.0	All	All	All
Application	Redhat	Codeready Linux Builder Eus	8.6	All	All	All
Application	Redhat	Codeready Linux Builder For Power Little Endian	8.0	All	All	All
Application	Redhat	Codeready Linux Builder For Power Little Endian Eus	8.6	All	All	All
Application	Redhat	Developer Tools	1.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux For Ibm Z Systems Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux For Power Little Endian Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time	8	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time	8.6	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time For Nfv	8	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time For Nfv Tus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	8.6	All	All	All
Operating System	Redhat	Enterprise Linux Server Update Services For Sap Solutions	8.6	All	All	All
Application	Redhat	Virtualization Host	4.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 35 Update: kernel-5.14.10-300.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] [DLA 2941-1] linux-4.19 security update	MLIST	lists.debian.org
oss-security - Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()	MLIST	www.openwall.com
[SECURITY] Fedora 33 Update: kernel-5.14.10-100.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: kernel-5.14.10-200.fc34 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 34 Update: kernel-5.14.10-200.fc34 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
oss-sec: Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()	MISC	seclists.org
Diff - 505d9dcb0f7ddf9d075e729523a33d38642ae680^! - pub/scm/linux/kernel/git/herbert/crypto-2.6 - Git at Google	MISC	kernel.googlesource.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() · torvalds/linux@505d9dc · GitHub	MISC	github.com
2000627 – (CVE-2021-3744) CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()	MISC	bugzilla.redhat.com
[SECURITY] Fedora 33 Update: kernel-5.14.10-100.fc33 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
Debian -- Security Information -- DSA-5096-1 linux	DEBIAN	www.debian.org
[SECURITY] Fedora 35 Update: kernel-5.14.10-300.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159564 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9564)
159565 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9565)
159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
179117 Debian Security Update for linux (DSA 5096-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
180229 Debian Security Update for linux (CVE-2021-3744)
198567 Ubuntu Security Notification for Linux kernel (OEM 5.14) Vulnerabilities (USN-5140-1)
198569 Ubuntu Security Notification for Linux kernel (OEM 5.10) Vulnerabilities (USN-5139-1)
198585 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5164-1)
198586 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5162-1)
198587 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5163-1)
198588 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5161-1)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
281972 Fedora Security Update for kernel (FEDORA-2021-ffda3d6fa1)
281973 Fedora Security Update for kernel (FEDORA-2021-9dd76a1ed0)
352869 Amazon Linux Security Advisory for kernel: ALAS2-2021-1719
353142 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-009
353153 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-007
353989 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-027
354000 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-029
354013 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-031
356241 Amazon Linux Security Advisory for microvm-kernel : ALASMICROVM-KERNEL-4.14-2023-001
6140214 AWS Bottlerocket Security Update for kernel (GHSA-p98g-wxrx-9vp8)
671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
671268 EulerOS Security Update for kernel (EulerOS-SA-2022-1196)
671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
751214 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3389-1)
751215 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3386-1)
751217 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3387-1)
751223 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3338-1)
751234 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1357-1)
751235 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3447-1)
751245 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1365-1)
751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
900739 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8917)
905992 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8917-1)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)