CVE-2021-3764 log

Source
Severity Low
Remote No
Type Denial of service
Description
A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
Group Package Affected Fixed Severity Status Ticket
AVG-1881 linux-hardened 5.14.14.hardened1-1 Medium Vulnerable
AVG-1880 linux-zen 5.14.14.zen1-1 Medium Vulnerable
AVG-1879 linux 5.14.14.arch1-1 Medium Vulnerable
AVG-1741 linux-lts 5.10.75-1 Medium Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=1997467