high
7.1
CWE
125
Advisory Published
CVE Published
Updated

CVE-2021-3743

First published: Fri Aug 20 2021(Updated: )

An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability.

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<0:4.18.0-372.9.1.rt7.166.el8
0:4.18.0-372.9.1.rt7.166.el8
redhat/kernel<0:4.18.0-372.9.1.el8
0:4.18.0-372.9.1.el8
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.128-1
6.12.12-1
6.12.15-1
Linux Kernel>5.14.1<5.17
Linux Kernel=5.14-rc6
Linux Kernel=5.17
Linux Kernel=5.17-rc1
Linux Kernel=5.17-rc2
Linux Kernel=5.17-rc3
Linux Kernel=5.17-rc4
Linux Kernel=5.17-rc5
Linux Kernel=5.17-rc6
Fedora=34
netapp h300s firmware
netapp h300s
NetApp H500S Firmware
netapp h500s
netapp h700s firmware
netapp h700s
netapp h300e firmware
netapp h300e
netapp h500e firmware
netapp h500e
netapp h700e firmware
netapp h700e
netapp h410s firmware
netapp h410s
netapp h410c firmware
netapp h410c
oracle communications Cloud native core binding support function=22.1.3
oracle communications cloud native core network exposure function=22.1.1
oracle communications Cloud native core policy=22.2.0
All of
netapp h300s firmware
netapp h300s
All of
NetApp H500S Firmware
netapp h500s
All of
netapp h700s firmware
netapp h700s
All of
netapp h300e firmware
netapp h300e
All of
netapp h500e firmware
netapp h500e
All of
netapp h700e firmware
netapp h700e
All of
netapp h410s firmware
netapp h410s
All of
netapp h410c firmware
netapp h410c
NetApp Baseboard Management Controller Firmware
netapp baseboard management controller h300s
NetApp Baseboard Management Controller Firmware
netapp baseboard management controller h500s
NetApp Baseboard Management Controller Firmware
netapp baseboard management controller h700s
NetApp Baseboard Management Controller Firmware
netapp baseboard management controller h300e
netapp baseboard management controller h500e firmware
netapp baseboard management controller h500e
netapp baseboard management controller h700e firmware
netapp baseboard management controller h700e
NetApp Baseboard Management Controller Firmware
netapp baseboard management controller h410s
netapp baseboard management controller h410c firmware
netapp baseboard management controller h410c

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=1997961

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=7e78c597c3eb

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7e78c597c3ebfd0cb329aa09a838734147e4f117

Remedy

https://github.com/torvalds/linux/commit/7e78c597c3ebfd0cb329aa09a838734147e4f117

Remedy

https://www.openwall.com/lists/oss-security/2021/08/27/2

Remedy

https://www.oracle.com/security-alerts/cpujul2022.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2021-3743?

    CVE-2021-3743 has a severity rating of medium, primarily due to the potential for local attackers to exploit the out-of-bounds memory read flaw.

  • How do I fix CVE-2021-3743?

    To remediate CVE-2021-3743, upgrade to kernel versions 0:4.18.0-372.9.1.rt7.166.el8 or 0:4.18.0-372.9.1.el8 or later, depending on your distribution.

  • What systems are affected by CVE-2021-3743?

    CVE-2021-3743 affects several versions of the Linux kernel, particularly those between versions 5.14.1 and 5.17.

  • What type of vulnerability is CVE-2021-3743?

    CVE-2021-3743 is classified as an out-of-bounds (OOB) memory read vulnerability within the Qualcomm IPC router protocol in the Linux kernel.

  • Can CVE-2021-3743 lead to remote code execution?

    CVE-2021-3743 does not directly lead to remote code execution, but it can cause a system crash or leak internal kernel information.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203