Bug 2013180 (CVE-2021-43389) - CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c
Summary: CVE-2021-43389 kernel: an array-index-out-bounds in detach_capi_ctr in driver...
Alias: CVE-2021-43389
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 2016620 (view as bug list)
Depends On: 2013181 2016490 2016491 2016492
Blocks: 2013182
TreeView+ depends on / blocked
Reported: 2021-10-12 10:24 UTC by Marian Rehak
Modified: 2022-06-16 11:23 UTC (History)
50 users (show)

Fixed In Version: Linux kernel 5.15-rc6
Doc Type: If docs needed, set a value
Doc Text:
An improper validation of an array index and out of bounds memory read in the Linux kernel's Integrated Services Digital Network (ISDN) functionality was found in the way users call ioctl CMTPCONNADD. A local user could use this flaw to crash the system or starve the resources causing denial of service.
Clone Of:
Last Closed: 2022-05-11 11:15:35 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:2229 0 None None None 2022-05-12 11:26:43 UTC
Red Hat Product Errata RHBA-2022:4630 0 None None None 2022-05-18 11:46:28 UTC
Red Hat Product Errata RHBA-2022:4693 0 None None None 2022-05-19 05:10:54 UTC
Red Hat Product Errata RHBA-2022:4969 0 None None None 2022-06-08 18:40:04 UTC
Red Hat Product Errata RHBA-2022:5088 0 None None None 2022-06-16 11:23:16 UTC
Red Hat Product Errata RHSA-2022:1975 0 None None None 2022-05-10 14:39:53 UTC
Red Hat Product Errata RHSA-2022:1988 0 None None None 2022-05-10 14:45:45 UTC

Description Marian Rehak 2021-10-12 10:24:16 UTC
There is an array-index-out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c. During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. if the controller was not attached yet, detach_capi_ctr() would trigger an array-index-out-bounds bug.



Comment 1 Marian Rehak 2021-10-12 10:24:44 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2013181]

Comment 2 Justin M. Forbes 2021-10-12 17:01:59 UTC
For Fedora:
# CONFIG_ISDN is not set

Comment 7 Wade Mealing 2021-10-26 05:29:00 UTC
*** Bug 2016620 has been marked as a duplicate of this bug. ***

Comment 9 Salvatore Bonaccorso 2021-11-04 20:45:58 UTC
CVE-2021-3896 seems to have been assigned by Red Hat, but was not yet published to MITRE is this right? I'm asking because there is now as well https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389 . I contacted MITRE over the cveform to see which one should be retained, my understanding would be that both CVEs are for the same issue.

Comment 10 Salvatore Bonaccorso 2021-11-04 21:10:25 UTC
Got a reply from MITRE already, so 


making CVE-2021-43389 the valid CVE and CVE-2021-3896 is REJECTED.

Comment 11 Salvatore Bonaccorso 2021-11-05 20:04:45 UTC
As the CVE CVE-2021-3896 is rejected, can you please as well update the Bugzilla Alias for this bug?

Comment 12 Rohit Keshri 2021-11-06 17:12:52 UTC
Hello, thank you for informing us, we have made the changes to our Bugzilla.

Comment 13 errata-xmlrpc 2022-05-10 14:39:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975

Comment 14 errata-xmlrpc 2022-05-10 14:45:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988

Comment 15 Product Security DevOps Team 2022-05-11 11:15:30 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.