CVE-2021-43389

Published on: 11/04/2021 12:00:00 AM UTC

Last Modified on: 02/24/2023 03:09:00 PM UTC

CVE-2021-43389

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

CVE-2021-43389 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	LOW	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	NONE	NONE	HIGH

CVSS2 Score: 2.1 - LOW

Access Vector^ⓘ	Access Complexity	Authentication
LOCAL	LOW	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
NONE	NONE	PARTIAL

CVE References

Description	Tags ^ⓘ	Link
There is an array-index-out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c - butt3rflyh4ck	lore.kernel.org text/html	MISC lore.kernel.org/netdev/[email protected]om/
[SECURITY] [DLA 2941-1] linux-4.19 security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
oss-security - Re: Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c	www.openwall.com text/html	MLIST [oss-security] 20211105 Re: Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
oss-sec: Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c	seclists.org text/html	MISC seclists.org/oss-sec/2021/q4/39
kernel/git/torvalds/linux.git - Linux kernel source tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d
2013180 – (CVE-2021-3896) CVE-2021-3896 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c	bugzilla.redhat.com text/html	CONFIRM bugzilla.redhat.com/show_bug.cgi?id=2013180
Debian -- Security Information -- DSA-5096-1 linux	www.debian.org Depreciated Link text/html	DEBIAN DSA-5096
	cdn.kernel.org text/plain	MISC cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15
[SECURITY] [DLA 2843-1] linux security update	lists.debian.org text/html	MLIST [debian-lts-announce] 20211216 [SECURITY] [DLA 2843-1] linux security update
Oracle Critical Patch Update Advisory - July 2022	www.oracle.com text/html	MISC www.oracle.com/security-alerts/cpujul2022.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
178943 Debian Security Update for linux (DLA 2843-1)
179117 Debian Security Update for linux (DSA 5096-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
179998 Debian Security Update for linux (CVE-2021-43389)
198569 Ubuntu Security Notification for Linux kernel (OEM 5.10) Vulnerabilities (USN-5139-1)
198589 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5165-1)
198617 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5209-1)
198618 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5210-1)
198621 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5208-1)
198627 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5218-1)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
671219 EulerOS Security Update for kernel (EulerOS-SA-2022-1030)
671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
671288 EulerOS Security Update for kernel (EulerOS-SA-2022-1227)
671295 EulerOS Security Update for kernel (EulerOS-SA-2022-1243)
671344 EulerOS Security Update for kernel (EulerOS-SA-2022-1271)
751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)
751399 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1501-1)
751406 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3806-1)
751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
752120 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1651-1)
752125 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:1686-1)
752237 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2083-1)
752240 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2103-1)
752250 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:2111-1)
900451 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6170)
901749 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6604-1)
905834 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (6170-1)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*:
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*:
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@CVEreport	CVE-2021-43389 : An issue was discovered in the #Linux #kernel before 5.14.15. There is an array-index-out-of-bound… twitter.com/i/web/status/1…	2021-11-04 19:06:48
@LinInfoSec	Git - CVE-2021-43389: lore.kernel.org/netdev/CAFcO6X…	2021-11-04 23:07:04