CVE-2021-3743
First published: Fri Aug 20 2021(Updated: )
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| Linux Kernel | >5.14.1<5.17 | |
| Linux Kernel | =5.14-rc6 | |
| Linux Kernel | =5.17 | |
| Linux Kernel | =5.17-rc1 | |
| Linux Kernel | =5.17-rc2 | |
| Linux Kernel | =5.17-rc3 | |
| Linux Kernel | =5.17-rc4 | |
| Linux Kernel | =5.17-rc5 | |
| Linux Kernel | =5.17-rc6 | |
| Red Hat Fedora | =34 | |
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H300S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H500S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H700S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H300E | ||
| NetApp Baseboard Management Controller H500E Firmware | ||
| NetApp Baseboard Management Controller H500E Firmware | ||
| NetApp Baseboard Management Controller H700E Firmware | ||
| NetApp Baseboard Management Controller H700E Firmware | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H410S | ||
| NetApp Baseboard Management Controller H410C | ||
| NetApp Baseboard Management Controller H410C Firmware | ||
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
| Oracle Communications Cloud Native Core Policy | =22.2.0 | |
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500S Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-3743 https://nvd.nist.gov/vuln/detail/CVE-2021-3743 https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb https://lists.openwall.net/netdev/2021/08/17/124
- https://bugzilla.redhat.com/show_bug.cgi?id=1997961
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2021-3743
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117
- https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117
- https://lists.openwall.net/netdev/2021/08/17/124
- https://security.netapp.com/advisory/ntap-20220407-0007/
- https://www.openwall.com/lists/oss-security/2021/08/27/2
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2021-3743
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1997962
- https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
- https://security-tracker.debian.org/tracker/CVE-2021-3743
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3743
- https://nvd.nist.gov/vuln/detail/CVE-2021-3743
- https://ubuntu.com/security/CVE-2021-3743
Frequently Asked Questions
What is the severity of CVE-2021-3743?
CVE-2021-3743 has a severity rating of medium, primarily due to the potential for local attackers to exploit the out-of-bounds memory read flaw.
How do I fix CVE-2021-3743?
To remediate CVE-2021-3743, upgrade to kernel versions 0:4.18.0-372.9.1.rt7.166.el8 or 0:4.18.0-372.9.1.el8 or later, depending on your distribution.
What systems are affected by CVE-2021-3743?
CVE-2021-3743 affects several versions of the Linux kernel, particularly those between versions 5.14.1 and 5.17.
What type of vulnerability is CVE-2021-3743?
CVE-2021-3743 is classified as an out-of-bounds (OOB) memory read vulnerability within the Qualcomm IPC router protocol in the Linux kernel.
Can CVE-2021-3743 lead to remote code execution?
CVE-2021-3743 does not directly lead to remote code execution, but it can cause a system crash or leak internal kernel information.
- collector/redhat-cve
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3743
- agent/type
- agent/author
- agent/severity
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/softwarecombine
- agent/event
- collector/security-tracker-debian
- source/Debian
- package-manager/redhat
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.14-rc6
- version/linux kernel/5.17
- version/linux kernel/5.17-rc1
- version/linux kernel/5.17-rc2
- version/linux kernel/5.17-rc3
- version/linux kernel/5.17-rc4
- version/linux kernel/5.17-rc5
- version/linux kernel/5.17-rc6
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/34
- vendor/netapp
- canonical/netapp baseboard management controller firmware
- canonical/netapp baseboard management controller h300s
- canonical/netapp baseboard management controller h500s
- canonical/netapp baseboard management controller h700s
- canonical/netapp baseboard management controller h300e
- canonical/netapp baseboard management controller h500e firmware
- canonical/netapp baseboard management controller h700e firmware
- canonical/netapp baseboard management controller h410s
- canonical/netapp baseboard management controller h410c
- canonical/netapp baseboard management controller h410c firmware
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500s firmware
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- package-manager/debian