CVE-2021-3744

CVSS v3.1 5.5 (Medium)

CVSS v2.0 2.1 (Low)

EPSS 0.08 % (33^th)

Affected Products 24

Advisories 37

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.

Weaknesses

CWE-401: Missing Release of Memory after Effective Lifetime

Related CVEs

CVE-2019-18808

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2022-03-04 16:15:08
(2 years ago)
Updated Date: 2023-02-12 23:42:42
(19 months ago)

Affected Products

Oracle

Redhat

Configuration #1

AND

		CPE23	Up To
OR
	Linux Kernel prior 5.15 version	cpe:2.3:o:linux:linux_kernel	< 5.15
OR
	Running on/with
	Linux Kernel 5.15	cpe:2.3:o:linux:linux_kernel:5.15:-
OR
	Running on/with
	Linux Kernel 5.15 Rc1	cpe:2.3:o:linux:linux_kernel:5.15:rc1
OR
	Running on/with
	Linux Kernel 5.15 Rc2	cpe:2.3:o:linux:linux_kernel:5.15:rc2
OR
	Running on/with
	Linux Kernel 5.15 Rc3	cpe:2.3:o:linux:linux_kernel:5.15:rc3

Configuration #2

AND

		CPE23
OR
	Fedoraproject Fedora 33	cpe:2.3:o:fedoraproject:fedora:33
OR
	Running on/with
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34
OR
	Running on/with
	Fedoraproject Fedora 35	cpe:2.3:o:fedoraproject:fedora:35

Configuration #3

AND

		CPE23
OR
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
OR
	Running on/with
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #4

AND

		CPE23
OR
	Redhat Build Of Quarkus 2.0	cpe:2.3:a:redhat:build_of_quarkus:2.0
OR
	Running on/with
	Redhat Codeready Linux Builder 8.0	cpe:2.3:a:redhat:codeready_linux_builder:8.0
OR
	Running on/with
	Redhat Codeready Linux Builder Eus 8.6	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6
OR
	Running on/with
	Redhat Codeready Linux Builder for Power Little Endian 8.0	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0
OR
	Running on/with
	Redhat Codeready Linux Builder for Power Little Endian Eus 8.6	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.6
OR
	Running on/with
	Redhat Developer Tools 1.0	cpe:2.3:a:redhat:developer_tools:1.0
OR
	Running on/with
	Redhat Enterprise Linux Eus 8.6	cpe:2.3:o:redhat:enterprise_linux_eus:8.6
OR
	Running on/with
	Redhat Enterprise Linux for Ibm Z Systems Eus 8.6	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6
OR
	Running on/with
	Redhat Enterprise Linux for Power Little Endian Eus 8.6	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6
OR
	Running on/with
	Redhat Enterprise Linux for Real Time 8	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8
OR
	Running on/with
	Redhat Enterprise Linux for Real Time 8.6	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.6
OR
	Running on/with
	Redhat Enterprise Linux for Real Time For Nfv 8	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8
OR
	Running on/with
	Redhat Enterprise Linux for Real Time For Nfv Tus 8.6	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6
OR
	Running on/with
	Redhat Enterprise Linux Server Eus 8.6	cpe:2.3:o:redhat:enterprise_linux_server_eus:8.6
OR
	Running on/with
	Redhat Enterprise Linux Server for Power Little Endian Update Services For Sap Solutions 8.6	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6
OR
	Running on/with
	Redhat Enterprise Linux Server Tus 8.6	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6
OR
	Running on/with
	Redhat Enterprise Linux Server Update Services for Sap Solutions 8.6	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.6

Configuration #5

AND

		CPE23
OR
	Redhat Virtualization Host 4.0	cpe:2.3:a:redhat:virtualization_host:4.0
OR
	Running on/with
	Redhat Enterprise Linux 8.0	cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #6

AND

		CPE23
OR
	Oracle Communications Cloud Native Core Binding Support Function 22.1.3	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3
OR
	Running on/with
	Oracle Communications Cloud Native Core Network Exposure Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1
OR
	Running on/with
	Oracle Communications Cloud Native Core Policy 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0