CVE-2021-3743

Name
CVE-2021-3743
Description
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Patch | https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117 |
| Exploit | https://www.openwall.com/lists/oss-security/2021/08/27/2 |
| Patch | https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb |
| Exploit | https://lists.openwall.net/netdev/2021/08/17/124 |
| Patch | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117 |
| Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=1997961 |
| CONFIRM | https://security.netapp.com/advisory/ntap-20220407-0007/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:5.14:rc6:*:*:*:*:*:* | linux_kernel | == None | == 5.14 |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | linux_kernel | > 5.14.1 | < 5.17 |
| cpe:2.3:o:linux:linux_kernel:5.17:-:*:*:*:*:*:* | linux_kernel | == None | == 5.17 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status