CVE-2021-3764 - log back

CVE-2021-3764 edited at 12 Nov 2021 19:43:50
Description
- A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
+ A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel before 5.14.10 allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
CVE-2021-3764 edited at 12 Nov 2021 19:37:04
References
https://bugzilla.redhat.com/show_bug.cgi?id=1997467
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.10&id=e450c422aa233e9f80515f2ee9164e33f158a472
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.71&id=17ccc64e4fa5d3673528474bfeda814d95dc600a
CVE-2021-3764 edited at 14 Sep 2021 09:03:01
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
+ A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too).
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1997467
CVE-2021-3764 created at 14 Sep 2021 09:01:47
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes