A memory leak in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel allows attackers to cause a denial of service (memory consumption). It happens if function ccp_init_data(&src) returns error code (that is being called from the ccp_run_aes_gcm_cmd). This vulnerability is similar with the older CVE-2019-18808 and both with the CVE-2021-3744 (and the patch for the CVE-2021-3744 contains fix for this one too). Reference: TODO: add link to the patch when available
the fixing upstream commit is present since v5.15-rc4 and is: 505d9dcb0f7d ("crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()")
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3764