Vulnerability CVE-2021-43389

Vulnerability Name:

CVE-2021-43389 (CCN-211557)

Assigned:

2021-09-24

Published:

2021-09-24

Updated:

2023-02-24

Summary:

An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
4.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-125

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-43389

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Release Notes, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
linux-kernel-detachcapictr-code-exec(211557)

Source: CCN
Type: Linux Kernel GIT Repository
isdn: cpai: check ctr->cnr to avoid array index out of bound

Source: cve@mitre.org
Type: Mailing List, Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Exploit, Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: oss-sec Mailing List, Tue, 19 Oct 2021 23:21:52 +0800
Linux kernel: isdn: cpai: array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c

Source: cve@mitre.org
Type: Exploit, Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Mend Vulnerability Database
WS-2021-0462

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8029	P	kernel-docs-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7578	P	libbpf1-1.1.0-150500.1.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7539	P	kernel-64kb-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7592	P	libgcrypt-devel-1.9.4-150500.10.19 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7712	P	libzzip-0-13-0.13.69-3.10.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:8090	P	reiserfs-kmp-default-5.14.21-150500.53.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3712	P	Security update for go1.18 (Important)	2022-08-04
oval:org.opensuse.security:def:3398	P	wpa_supplicant-2.6-15.10.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3448	P	busybox-1.21.1-3.3 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3453	P	clamav-0.101.3-1.19 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3538	P	kernel-default-4.12.14-120.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3567	P	libXtst6-1.2.2-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94650	P	libjpeg62-62.3.0-150400.15.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94590	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95197	P	kernel-default-extra-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94933	P	libavcodec58_134-4.4-150400.1.13 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95028	P	kernel-docs-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95078	P	reiserfs-kmp-default-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2960	P	kernel-64kb-5.14.21-150400.22.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95083	P	kernel-azure-5.14.21-150400.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:531	P	Security update for the Linux Kernel (Important)	2022-06-17
oval:org.opensuse.security:def:125732	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:126898	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:125112	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:127295	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:125369	P	Security update for the Linux Kernel (Important)	2022-06-14
oval:org.opensuse.security:def:4734	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6331	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:5241	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:4295	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:4604	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6039	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6034	P	Security update for the Linux Kernel (Important)	2022-05-12
oval:com.redhat.rhsa:def:20221975	P	RHSA-2022:1975: kernel-rt security and bug fix update (Important)	2022-05-10
oval:com.redhat.rhsa:def:20221988	P	RHSA-2022:1988: kernel security, bug fix, and enhancement update (Important)	2022-05-10
oval:org.opensuse.security:def:4588	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5) (Important)	2022-04-25
oval:org.opensuse.security:def:101646	P	Security update for libmspack (Low)	2022-01-13
oval:org.opensuse.security:def:95964	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:68801	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:102677	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:42150	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:118434	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:109343	P	Security update for the Linux RT Kernel (Important)	2021-12-09
oval:org.opensuse.security:def:31715	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:51707	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:117891	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:108968	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:8376	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:68310	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:6462	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:57140	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:83365	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:118638	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:30158	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:95589	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:109542	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:73749	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:108312	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:102171	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:42145	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:5910	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:64627	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:85781	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:32233	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:55279	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:96186	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:118089	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:19520	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:109166	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:101363	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:4524	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:57538	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:83485	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:119808	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:30278	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:95787	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:117543	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:109668	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:70808	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:67551	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:102302	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:86179	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:55981	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:96330	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:23719	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:76067	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:10668	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:102876	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:7221	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:66999	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:58056	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:84247	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:31317	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:117826	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:74681	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:108837	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:102500	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:65613	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:86697	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:56101	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:82663	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:29456	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:95458	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:103002	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:108029	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:84705	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:41408	P	Security update for the Linux Kernel (Important)	2021-12-01
oval:org.opensuse.security:def:45838	P	Security update for the Linux Kernel (Important)	2021-12-01
oval:org.opensuse.security:def:87514	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:33050	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:58873	P	Security update for the Linux Kernel (Important)	2021-11-30
oval:org.opensuse.security:def:102623	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:76397	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:67329	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:76056	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:66988	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:108826	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:118375	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:95447	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:109289	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:68667	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:111799	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:95910	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:102118	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:6240	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:68681	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:102160	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:5899	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:1554	P	Security update for the Linux Kernel (Important)	2021-11-25
oval:org.opensuse.security:def:111140	P	Security update for the Linux Kernel (Important)	2021-11-24
oval:org.opensuse.security:def:44821	P	Security update for the Linux Kernel (Important)	2021-11-22
oval:org.opensuse.security:def:40391	P	Security update for the Linux Kernel (Important)	2021-11-22
oval:org.opensuse.security:def:102340	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:74745	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:100353	P	(Important)	2021-11-16
oval:org.opensuse.security:def:65677	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:1137	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:101883	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:99161	P	(Important)	2021-11-16
oval:org.opensuse.security:def:1744	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:100682	P	(Important)	2021-11-16
oval:org.opensuse.security:def:8400	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:68368	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:111789	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:6485	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:1223	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:101930	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:73923	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:99433	P	(Important)	2021-11-16
oval:org.opensuse.security:def:6232	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:64801	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:1788	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:101542	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:1277	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:70843	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:100017	P	(Important)	2021-11-16
oval:org.opensuse.security:def:67574	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:42239	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:811	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:76389	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:101815	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:10703	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:7279	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:67321	P	Security update for the Linux Kernel (Important)	2021-11-16

BACK