CVE-2021-3744 log

Source
Severity Low
Remote No
Type Denial of service
Description
A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before version 5.14.10 allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Group Package Affected Fixed Severity Status Ticket
AVG-2551 linux-lts 5.10.70-1 5.10.71-1 Low Fixed
AVG-2550 linux-hardened 5.14.9.hardened1-1 5.14.11.hardened1-1 Low Fixed
AVG-2549 linux-zen 5.14.9.zen2-1 5.14.10.zen1-1 Low Fixed
AVG-2548 linux 5.14.9.arch2-1 5.14.10.arch1-1 Low Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
https://www.openwall.com/lists/oss-security/2021/09/14/1
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.10&id=e450c422aa233e9f80515f2ee9164e33f158a472
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.71&id=17ccc64e4fa5d3673528474bfeda814d95dc600a