CVE-2021-3744
moderate-risk
Published 2022-03-04
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.
Do I need to act?
-
0.01% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10
Medium
LOCAL
/ LOW complexity
Affected Products (20)
Codeready Linux Builder For Power Little Endian
Developer Tools
Affected Vendors
References (22)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2000627
and 2 more references
41
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
23/34 · High