CVE-2021-3764 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Denial of service
Description	A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before 5.14.10 allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).

Group	Package	Affected	Fixed	Severity	Status
AVG-2551	linux-lts	5.10.70-1	5.10.71-1	Low	Fixed
AVG-2550	linux-hardened	5.14.9.hardened1-1	5.14.11.hardened1-1	Low	Fixed
AVG-2549	linux-zen	5.14.9.zen2-1	5.14.10.zen1-1	Low	Fixed
AVG-2548	linux	5.14.9.arch2-1	5.14.10.arch1-1	Low	Fixed

References
https://bugzilla.redhat.com/show_bug.cgi?id=1997467 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.10&id=e450c422aa233e9f80515f2ee9164e33f158a472 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.71&id=17ccc64e4fa5d3673528474bfeda814d95dc600a

References

https://bugzilla.redhat.com/show_bug.cgi?id=1997467
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.10&id=e450c422aa233e9f80515f2ee9164e33f158a472
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.71&id=17ccc64e4fa5d3673528474bfeda814d95dc600a