CVE-2021-3744

kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Se ha encontrado un fallo de pérdida de memoria en el kernel de Linux en la función ccp_run_aes_gcm_cmd() en el archivo drivers/crypto/ccp/ccp-ops.c, que permite a atacantes causar una denegación de servicio (consumo de memoria). Esta vulnerabilidad es similar a la anterior CVE-2019-18808

A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-08-27 CVE Reserved
2021-11-11 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (12)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2021/09/14/1	2024-08-03
https://seclists.org/oss-sec/2021/q3/164	2024-08-03

URL	Date	SRC
https://github.com/torvalds/linux/commit/505d9dcb0f7ddf9d075e729523a33d38642ae680	2023-02-12
https://kernel.googlesource.com/pub/scm/linux/kernel/git/herbert/crypto-2.6/+/505d9dcb0f7ddf9d075e729523a33d38642ae680%5E%21/#F0	2023-02-12
https://www.oracle.com/security-alerts/cpujul2022.html	2023-02-12

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2000627	2022-05-10
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7BLLVKYAIETEORUPTFO3TR3C33ZPFXQM	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAT3RERO6QBKSPJBNNRWY3D4NCGTFOS7	2023-02-12
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYKURLXBB2555ASWMPDNMBUPD6AG2JKQ	2023-02-12
https://www.debian.org/security/2022/dsa-5096	2023-02-12
https://access.redhat.com/security/cve/CVE-2021-3744	2022-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Virtualization Host Search vendor "Redhat" for product "Virtualization Host"	4.0 Search vendor "Redhat" for product "Virtualization Host" and version "4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"	-	Safe
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15 Search vendor "Linux" for product "Linux Kernel" and version "5.15"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15 Search vendor "Linux" for product "Linux Kernel" and version "5.15"		rc1		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15 Search vendor "Linux" for product "Linux Kernel" and version "5.15"		rc2		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				5.15 Search vendor "Linux" for product "Linux Kernel" and version "5.15"		rc3		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				33 Search vendor "Fedoraproject" for product "Fedora" and version "33"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				34 Search vendor "Fedoraproject" for product "Fedora" and version "34"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				35 Search vendor "Fedoraproject" for product "Fedora" and version "35"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Redhat Search vendor "Redhat"		Build Of Quarkus Search vendor "Redhat" for product "Build Of Quarkus"				2.0 Search vendor "Redhat" for product "Build Of Quarkus" and version "2.0"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder Search vendor "Redhat" for product "Codeready Linux Builder"				8.0 Search vendor "Redhat" for product "Codeready Linux Builder" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus"				8.6 Search vendor "Redhat" for product "Codeready Linux Builder Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Power Little Endian Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian"				8.0 Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus"				8.6 Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Developer Tools Search vendor "Redhat" for product "Developer Tools"				1.0 Search vendor "Redhat" for product "Developer Tools" and version "1.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				8.6 Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				8.6 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Real Time Search vendor "Redhat" for product "Enterprise Linux For Real Time"				8 Search vendor "Redhat" for product "Enterprise Linux For Real Time" and version "8"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Real Time Search vendor "Redhat" for product "Enterprise Linux For Real Time"				8.6 Search vendor "Redhat" for product "Enterprise Linux For Real Time" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Real Time For Nfv Search vendor "Redhat" for product "Enterprise Linux For Real Time For Nfv"				8 Search vendor "Redhat" for product "Enterprise Linux For Real Time For Nfv" and version "8"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Real Time For Nfv Tus Search vendor "Redhat" for product "Enterprise Linux For Real Time For Nfv Tus"				8.6 Search vendor "Redhat" for product "Enterprise Linux For Real Time For Nfv Tus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Eus Search vendor "Redhat" for product "Enterprise Linux Server Eus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Update Services For Sap Solutions Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "8.6"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"				22.1.3 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Exposure Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function"				22.1.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy"				22.2.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.2.0"		-		Affected