CVE-2021-3744
Published on: Not Yet Published
Last Modified on: 03/11/2022 03:16:00 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
- CVE-2021-3744 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 5.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
LOCAL | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | NONE | HIGH |
CVSS2 Score: 2.1 - LOW
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
LOCAL | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | NONE | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[SECURITY] [DLA 2941-1] linux-4.19 security update | lists.debian.org text/html |
![]() |
oss-sec: Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() | seclists.org text/html |
![]() |
Diff - 505d9dcb0f7ddf9d075e729523a33d38642ae680^! - pub/scm/linux/kernel/git/herbert/crypto-2.6 - Git at Google | kernel.googlesource.com text/html |
![]() |
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() · torvalds/[email protected] · GitHub | github.com text/html |
![]() |
2000627 – (CVE-2021-3744) CVE-2021-3744 kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() | bugzilla.redhat.com text/html |
![]() |
Debian -- Security Information -- DSA-5096-1 linux | www.debian.org Depreciated Link text/html |
![]() |
Related QID Numbers
- 159564 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2021-9564)
- 159565 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2021-9565)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 198567 Ubuntu Security Notification for Linux kernel (OEM 5.14) Vulnerabilities (USN-5140-1)
- 198569 Ubuntu Security Notification for Linux kernel (OEM 5.10) Vulnerabilities (USN-5139-1)
- 198585 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5164-1)
- 198586 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5162-1)
- 198587 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5163-1)
- 198588 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5161-1)
- 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
- 240298 Red Hat Update for kernel security (RHSA-2022:1988)
- 281972 Fedora Security Update for kernel (FEDORA-2021-ffda3d6fa1)
- 281973 Fedora Security Update for kernel (FEDORA-2021-9dd76a1ed0)
- 352869 Amazon Linux Security Advisory for kernel: ALAS2-2021-1719
- 353142 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-009
- 353153 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-007
- 671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
- 671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
- 671268 EulerOS Security Update for kernel (EulerOS-SA-2022-1196)
- 671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
- 671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
- 751214 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3389-1)
- 751215 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3386-1)
- 751217 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3387-1)
- 751223 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3338-1)
- 751234 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1357-1)
- 751235 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3447-1)
- 751245 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1365-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
- 900739 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8917)
- 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Operating System | Debian | Debian Linux | 10.0 | All | All | All |
Operating System | Debian | Debian Linux | 9.0 | All | All | All |
Operating System | Fedoraproject | Fedora | 33 | All | All | All |
Operating System | Fedoraproject | Fedora | 34 | All | All | All |
Operating System | Fedoraproject | Fedora | 35 | All | All | All |
Operating System | Linux | Linux Kernel | All | All | All | All |
Operating System | Linux | Linux Kernel | 5.15 | - | All | All |
Operating System | Linux | Linux Kernel | 5.15 | rc1 | All | All |
Operating System | Linux | Linux Kernel | 5.15 | rc2 | All | All |
Operating System | Linux | Linux Kernel | 5.15 | rc3 | All | All |
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
Disclosure: CVE-2021-3744: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd(): Posted by Marcus Meissner on… twitter.com/i/web/status/1… | 2021-09-14 16:16:32 |
![]() |
SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(Moderate: CVE-2021-3744) #sios_tech #security #vulnerability #セキュリティ #脆弱性… twitter.com/i/web/status/1… | 2021-09-14 21:00:43 |
![]() |
Linux Kernel の AMD CCP ドライバの処理にサービスを妨害される問題 (CVE-2021-3744) [40417] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-11-05 06:31:12 |
![]() |
SUSE.linux kernelに複数の脆弱性 -4/6 CVE-2021-3753 CVE-2021-3752 CVE-2021-3744 CVE-2021-3732 CVE-2021-3715 CVE-2021-3679 C… twitter.com/i/web/status/1… | 2021-12-03 01:35:01 |
![]() |
CVE-2021-3744 : A memory leak flaw was found in the #Linux #kernel in the ccp_run_aes_gcm_cmd function in drivers… twitter.com/i/web/status/1… | 2022-03-04 16:06:51 |
![]() |
CVE-2021-3744 | 2022-03-04 17:38:28 |