CVE-2021-3923: Infoleak
First published: Wed Nov 03 2021(Updated: )
A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux kernel | <5.15.14 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Fedora | =37 | |
| redhat/kernel | <5.16 | 5.16 |
| Linux Kernel | <5.15.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=2019643
- https://lore.kernel.org/all/20220204100036.GA12348@kili/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2181601
- https://git.kernel.org/linus/e1e354771812b12f0b4c433bbaf916f87cd0f6c7
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/errata/RHSA-2022:1975
- https://exchange.xforce.ibmcloud.com/vulnerabilities/251995
- https://www.ibm.com/support/pages/node/7144861 (Advisory)
- https://lore.kernel.org/all/20220204100036.GA12348%40kili/
Frequently Asked Questions
What is the severity of CVE-2021-3923?
CVE-2021-3923 has been classified as a medium severity vulnerability affecting the Linux kernel.
How do I fix CVE-2021-3923?
To fix CVE-2021-3923, update your Linux kernel to version 5.16 or later.
Who is affected by CVE-2021-3923?
CVE-2021-3923 affects users running versions of the Linux kernel up to 5.15.14, as well as certain versions of Red Hat Enterprise Linux.
What type of attack can CVE-2021-3923 facilitate?
CVE-2021-3923 can allow an attacker with a privileged local account to leak kernel stack information.
Is sensitive user information at risk with CVE-2021-3923?
While CVE-2021-3923 can leak kernel stack information, it is unlikely to expose sensitive user information.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/ibm-support
- source/IBM
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/references
- agent/trending
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3923
- agent/software-canonical-lookup
- collector/nvd-api
- source/NVD
- vendor/linux
- canonical/linux kernel
- vendor/redhat
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/37
- package-manager/redhat