There is an array-index-out-bounds bug in detach_capi_ctr in drivers/isdn/capi/kcapi.c. During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. if the controller was not attached yet, detach_capi_ctr() would trigger an array-index-out-bounds bug. Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f3e2e97c003f80c4b087092b225c8787ff91e4d https://lore.kernel.org/netdev/CAFcO6XOvGQrRTaTkaJ0p3zR7y7nrAWD79r48=L_BbOyrK9X-vA@mail.gmail.com/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2013181]
For Fedora: # CONFIG_ISDN is not set
*** Bug 2016620 has been marked as a duplicate of this bug. ***
CVE-2021-3896 seems to have been assigned by Red Hat, but was not yet published to MITRE is this right? I'm asking because there is now as well https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43389 . I contacted MITRE over the cveform to see which one should be retained, my understanding would be that both CVEs are for the same issue.
Got a reply from MITRE already, so https://www.cve.org/CVERecord?id=CVE-2021-3896 https://www.cve.org/CVERecord?id=CVE-2021-43389 making CVE-2021-43389 the valid CVE and CVE-2021-3896 is REJECTED.
As the CVE CVE-2021-3896 is rejected, can you please as well update the Bugzilla Alias for this bug?
Hello, thank you for informing us, we have made the changes to our Bugzilla.
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1975 https://access.redhat.com/errata/RHSA-2022:1975
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:1988 https://access.redhat.com/errata/RHSA-2022:1988
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-43389