First published: Fri Sep 24 2021
Improper validation of an array index and an out-of-bounds memory read were found in the Linux kernel's Integrated Services Digital Network (ISDN) functionality, in the way users call the CMTPCONNADD ioctl. A local user could use this flaw to crash the system or exhaust its resources, causing a denial of service.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
redhat/Linux kernel | <5.15 | 5.15 |
Linux Kernel | <5.14.15 | |
Red Hat Enterprise Linux | =8.0 | |
Debian Linux | =9.0 | |
Debian Linux | =10.0 | |
Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
Oracle Communications Cloud Native Core Policy | =22.2.0 | |
debian/linux | 5.10.223-1 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
To mitigate this issue, prevent the module isdn from being loaded. Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
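
A check for the mitigation above, as an added example (not part of the advisory or of the linked Red Hat article). It assumes the standard modprobe.d directories and the /proc/modules format; the function names are hypothetical. It separates a `blacklist` entry, which only stops alias-based autoloading, from an `install` override, which also refuses an explicit `modprobe`.

```shell
#!/bin/sh
# Added example: audit whether the module named in the advisory is blocked.
MODULE="isdn"   # module named in the mitigation text

# block_state DIR...: prints "install", "blacklist" or "none".
#   install   - "install <mod> /bin/false|/bin/true": explicit modprobe refused
#   blacklist - "blacklist <mod>" only: alias autoload is stopped, but an
#               explicit `modprobe <mod>` still loads the module
block_state() {
    state="none"
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue   # unmatched glob or missing directory
            if grep -Eq "^[[:space:]]*install[[:space:]]+$MODULE[[:space:]]+/(usr/)?bin/(false|true)([[:space:]]|\$)" "$f"; then
                echo "install"; return 0
            fi
            if grep -Eq "^[[:space:]]*blacklist[[:space:]]+$MODULE[[:space:]]*\$" "$f"; then
                state="blacklist"
            fi
        done
    done
    echo "$state"
}

# is_loaded FILE: true when FILE (in /proc/modules format) lists the module.
is_loaded() {
    grep -q "^$MODULE " "$1" 2>/dev/null
}

# verdict STATE LOADED(yes|no): one-line result for a report.
verdict() {
    case "$1:$2" in
        install:no)   echo "mitigated" ;;
        *:yes)        echo "loaded: unload or reboot after blocking" ;;
        blacklist:no) echo "partial: add an install override" ;;
        *)            echo "not mitigated" ;;
    esac
}

# Run against the live system.
loaded="no"
if is_loaded /proc/modules; then loaded="yes"; fi
cfg=$(block_state /etc/modprobe.d /run/modprobe.d /usr/lib/modprobe.d /lib/modprobe.d)
echo "$MODULE: config=$cfg loaded=$loaded -> $(verdict "$cfg" "$loaded")"
```
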
CVE-2021-43389 may allow local users to crash the system or cause denial of service.
To fix CVE-2021-43389, update to kernel-rt version 0:4.18.0-372.9.1.rt7.166.el8 or kernel version 0:4.18.0-372.9.1.el8.
CVE-2021-43389 affects multiple Linux kernel versions and specific distributions such as Red Hat Enterprise Linux and Debian.
CVE-2021-43389 is a local vulnerability, meaning it requires local access to exploit.
Linux kernel versions up to 5.14.15 are vulnerable to CVE-2021-43389.