CVE-2021-3764 log

Severity Low
Remote No
Type Denial of service
A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before 5.14.10 allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
Group Package Affected Fixed Severity Status Ticket
AVG-2551 linux-lts 5.10.70-1 5.10.71-1 Low Fixed
AVG-2550 linux-hardened 5.14.9.hardened1-1 5.14.11.hardened1-1 Low Fixed
AVG-2549 linux-zen 5.14.9.zen2-1 5.14.10.zen1-1 Low Fixed
AVG-2548 linux 5.14.9.arch2-1 5.14.10.arch1-1 Low Fixed