Bug 2013180 (CVE-2021-43389)
| Summary: | CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | acaringi, adscvr, airlied, alciregi, allarkin, bdettelb, bhu, blc, brdeoliv, bskeggs, carnil, chwhite, crwood, darunesh, dhoward, dvlasenk, fhrbata, fpacheco, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, mlangsdo, nmurray, ptalbert, qzhao, rkeshri, rvrbovsk, security-response-team, steved, vkumar, walters, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Linux kernel 5.15-rc6 | Doc Type: | If docs needed, set a value |
| Doc Text: |
An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-11 11:15:35 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2013181, 2016490, 2016491, 2016492 | ||
| Bug Blocks: | 2013182 | ||
|
Description
Marian Rehak
2021-10-12 10:24:16 UTC
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2013181] For Fedora: # CONFIG_ISDN is not set *** Bug 2016620 has been marked as a duplicate of this bug. *** CVE-2021-3896 seems to have been assigned by Red Hat, but was not yet published to MITRE is this right? I'm asking because there is now as well https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389 . I contacted MITRE over the cveform to see which one should be retained, my understanding would be that both CVEs are for the same issue. Got a reply from MITRE already, so https://www.cve.org/CVERecord?id=CVE-2021-3896 https://www.cve.org/CVERecord?id=CVE-2021-43389 making CVE-2021-43389 the valid CVE and CVE-2021-3896 is REJECTED. As the CVE CVE-2021-3896 is rejected, can you please as well update the Bugzilla Alias for this bug? Hello, thank you for informing us, we have made the changes to our Bugzilla. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-43389 |