CVE-2021-3772

kernel: sctp: Invalid chunks may be used to remotely remove existing associations

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

Se ha encontrado un fallo en la pila SCTP de Linux. Un atacante ciego puede ser capaz de matar una asociación SCTP existente mediante trozos no válidos si el atacante conoce las direcciones IP y los números de puerto que están siendo usados y el atacante puede enviar paquetes con direcciones IP falsas

Red Hat Advanced Cluster Management for Kubernetes 2.5.0 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include privilege escalation and traversal vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-09-06 CVE Reserved
2021-12-01 CVE Published
2024-08-03 CVE Updated
2025-03-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-354: Improper Validation of Integrity Check Value

CAPEC

References (9)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html	Mailing List
https://security.netapp.com/advisory/ntap-20221007-0001	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugzilla.redhat.com/show_bug.cgi?id=2000694	2022-05-10
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df	2023-02-12
https://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df	2023-02-12
https://ubuntu.com/security/CVE-2021-3772	2023-02-12
https://www.oracle.com/security-alerts/cpujul2022.html	2023-02-12

URL	Date	SRC
https://www.debian.org/security/2022/dsa-5096	2023-02-12
https://access.redhat.com/security/cve/CVE-2021-3772	2022-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Netapp Search vendor "Netapp"	H410c Firmware Search vendor "Netapp" for product "H410c Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410c Search vendor "Netapp" for product "H410c"	-	-	Safe
Netapp Search vendor "Netapp"	H610c Firmware Search vendor "Netapp" for product "H610c Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H610c Search vendor "Netapp" for product "H610c"	-	-	Safe
Netapp Search vendor "Netapp"	H610s Firmware Search vendor "Netapp" for product "H610s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H610s Search vendor "Netapp" for product "H610s"	-	-	Safe
Netapp Search vendor "Netapp"	H615c Firmware Search vendor "Netapp" for product "H615c Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H615c Search vendor "Netapp" for product "H615c"	-	-	Safe
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.0 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Binding Support Function Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"				22.1.3 Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Network Exposure Function Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function"				22.1.1 Search vendor "Oracle" for product "Communications Cloud Native Core Network Exposure Function" and version "22.1.1"		-		Affected
Oracle Search vendor "Oracle"		Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy"				22.2.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "22.2.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.0.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.0.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.20 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.20"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.25 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.25"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.30 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.30.5r3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.30.5r3"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40.3r2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.3r2"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.40.5 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.40.5"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.50.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.50.2"		p1		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.0 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.0"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.60.3 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.60.3"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.70.1 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.1"		-		Affected
Netapp Search vendor "Netapp"		E-series Santricity Os Controller Search vendor "Netapp" for product "E-series Santricity Os Controller"				11.70.2 Search vendor "Netapp" for product "E-series Santricity Os Controller" and version "11.70.2"		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Management Node Search vendor "Netapp" for product "Solidfire \& Hci Management Node"				-		-		Affected
Netapp Search vendor "Netapp"		Solidfire \& Hci Storage Node Search vendor "Netapp" for product "Solidfire \& Hci Storage Node"				-		-		Affected
Netapp Search vendor "Netapp"		Hci Compute Node Search vendor "Netapp" for product "Hci Compute Node"				-		-		Affected