Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-3655

Опубликовано: 28 июн. 2021
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

A vulnerability was found in the Linux kernel. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Меры по смягчению последствий

As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install sctp /bin/true" >> /etc/modprobe.d/disable-sctp.conf

The system will need to be restarted if the SCTP modules are loaded. In most circumstances, the SCTP kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6kernelOut of support scope
Red Hat Enterprise Linux 7kernelOut of support scope
Red Hat Enterprise Linux 7kernel-altWill not fix
Red Hat Enterprise Linux 7kernel-rtWill not fix
Red Hat Enterprise Linux 8kernelAffected
Red Hat Enterprise Linux 8kernel-rtAffected
Red Hat Enterprise Linux 9kernelNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-909
https://bugzilla.redhat.com/show_bug.cgi?id=1984024kernel: missing size validations on inbound SCTP packets

EPSS

Процентиль: 12%
0.00041
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-3655

CVSS3: 3.3
ubuntu
почти 4 года назад

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

nvd логотип

CVE-2021-3655

CVSS3: 3.3
nvd
почти 4 года назад

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

debian логотип

CVE-2021-3655

CVSS3: 3.3
debian
почти 4 года назад

A vulnerability was found in the Linux kernel in versions prior to v5. ...

github логотип

GHSA-2r5v-rg6v-8xg5

CVSS3: 3.3
github
около 3 лет назад

A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

fstec логотип

BDU:2021-03942

CVSS3: 3.3
fstec
почти 4 года назад

Уязвимость ядра операционных систем Linux, связанная с недостатками проверки входных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 12%
0.00041
Низкий

3.3 Low

CVSS3