CVE-2021-3744

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-3744
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.openwall.com/lists/oss-security/2021/09/14/1 Exploit Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2000627 Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680 Patch Third Party Advisory
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0 Mailing List Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/
https://seclists.org/oss-sec/2021/q3/164 Exploit Mailing List Patch Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:redhat:build_of_quarkus:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
History

12 Feb 2023, 23:42

Type Values Removed Values Added
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:1975', 'name': 'https://access.redhat.com/errata/RHSA-2022:1975', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2022:1988', 'name': 'https://access.redhat.com/errata/RHSA-2022:1988', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2021-3744', 'name': 'https://access.redhat.com/security/cve/CVE-2021-3744', 'tags': [], 'refsource': 'MISC'}
Summary A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

02 Feb 2023, 21:21

Type Values Removed Values Added
Summary A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/', 'name': 'FEDORA-2021-9dd76a1ed0', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/', 'name': 'FEDORA-2021-ffda3d6fa1', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/', 'name': 'FEDORA-2021-79cbbefebe', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • (MISC) https://access.redhat.com/errata/RHSA-2022:1975 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ -
  • (MISC) https://access.redhat.com/security/cve/CVE-2021-3744 -
  • (MISC) https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ -
  • (MISC) https://access.redhat.com/errata/RHSA-2022:1988 -

06 Oct 2022, 20:26

Type Values Removed Values Added
CPE cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder:8.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
First Time Redhat enterprise Linux For Real Time For Nfv Tus
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat developer Tools
Redhat
Oracle communications Cloud Native Core Network Exposure Function
Redhat enterprise Linux Eus
Redhat enterprise Linux For Real Time For Nfv
Redhat codeready Linux Builder
Redhat enterprise Linux Server Tus
Redhat enterprise Linux
Redhat build Of Quarkus
Redhat enterprise Linux For Ibm Z Systems Eus
Oracle communications Cloud Native Core Policy
Oracle communications Cloud Native Core Binding Support Function
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Real Time
Redhat virtualization Host
Redhat enterprise Linux Server Eus
Redhat codeready Linux Builder Eus
Redhat enterprise Linux Server Update Services For Sap Solutions
Redhat codeready Linux Builder For Power Little Endian
Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Oracle
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ - Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ - Mailing List, Third Party Advisory
References (MLIST) http://www.openwall.com/lists/oss-security/2021/09/14/1 - (MLIST) http://www.openwall.com/lists/oss-security/2021/09/14/1 - Exploit, Mailing List, Third Party Advisory
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ - Mailing List, Third Party Advisory

25 Jul 2022, 18:16

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

23 May 2022, 19:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7/ -
  • (MLIST) http://www.openwall.com/lists/oss-security/2021/09/14/1 -

11 Mar 2022, 15:16

Type Values Removed Values Added
CWE CWE-401
CVSS v2 : unknown
v3 : unknown 		v2 : 2.1
v3 : 5.5
First Time Linux linux Kernel
Debian debian Linux
Fedoraproject fedora
Linux
Debian
Fedoraproject
References (MISC) https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680 - (MISC) https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680 - Patch, Third Party Advisory
References (MISC) https://seclists.org/oss-sec/2021/q3/164 - (MISC) https://seclists.org/oss-sec/2021/q3/164 - Exploit, Mailing List, Patch, Third Party Advisory
References (MISC) https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0 - (MISC) https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0 - Mailing List, Patch, Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html - Mailing List, Third Party Advisory
References (DEBIAN) https://www.debian.org/security/2022/dsa-5096 - (DEBIAN) https://www.debian.org/security/2022/dsa-5096 - Third Party Advisory
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2000627 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2000627 - Issue Tracking, Third Party Advisory
CPE cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*

10 Mar 2022, 17:43

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5096 -
  • (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html -

04 Mar 2022, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-03-04 16:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-3744

Mitre link : CVE-2021-3744

CVE.ORG link : CVE-2021-3744

JSON object : View

Products Affected

debian

  • debian_linux

redhat

  • enterprise_linux_server_tus
  • enterprise_linux_eus
  • codeready_linux_builder_for_power_little_endian
  • enterprise_linux_for_real_time_for_nfv
  • enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_eus
  • codeready_linux_builder
  • enterprise_linux_for_ibm_z_systems_eus
  • build_of_quarkus
  • enterprise_linux_for_real_time_for_nfv_tus
  • virtualization_host
  • codeready_linux_builder_eus
  • developer_tools
  • enterprise_linux
  • enterprise_linux_for_real_time
  • enterprise_linux_server_update_services_for_sap_solutions

linux

  • linux_kernel

oracle

  • communications_cloud_native_core_policy
  • communications_cloud_native_core_binding_support_function
  • communications_cloud_native_core_network_exposure_function

fedoraproject

  • fedora
CWE
CWE-401

Missing Release of Memory after Effective Lifetime