CVE-2021-3894

Published: 03 Feb 2022
Source: redhat
CVSS3: 0

Description

A vulnerability was found in the Linux kernel. This flaw allows an unprivileged local user to panic the system by calling setsockopt(2) with specially crafted arguments, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Statement

This flaw was found to be a duplicate of CVE-2022-0322. Please see https://access.redhat.com/security/cve/CVE-2022-0322 for information about affected products and security errata.

Mitigation

As the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:

echo "install sctp /bin/true" >> /etc/modprobe.d/disable-sctp.conf

The system will need to be restarted if the SCTP modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see the KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
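A check for whether the mitigation above is actually in effect, as an added example that is not part of the Red Hat advisory. The function names are hypothetical, and the paths are parameters that default to /etc/modprobe.d and /proc/modules.

```shell
#!/bin/sh
# Added example: report whether the "install sctp /bin/true" mitigation is in effect.
# Function names are hypothetical; paths are parameters so the check can be
# pointed at constructed test files instead of the live system.

# Succeeds if any *.conf file in the modprobe.d directory has an uncommented
# "install sctp /bin/true" rule (/bin/false is accepted: it also blocks the load).
sctp_install_blocked() {
    conf_dir=${1:-/etc/modprobe.d}
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        if awk '$1 == "install" && $2 == "sctp" &&
                ($3 == "/bin/true" || $3 == "/bin/false") { found = 1 }
                END { exit !found }' "$f"; then
            return 0
        fi
    done
    return 1
}

# Succeeds if sctp appears as a loaded module in a /proc/modules-format file.
sctp_loaded() {
    mod_file=${1:-/proc/modules}
    [ -r "$mod_file" ] || return 1
    awk '$1 == "sctp" { found = 1 } END { exit !found }' "$mod_file"
}

# Prints one word:
#   mitigated       rule present, module not loaded
#   restart-needed  rule present, but sctp was loaded before the rule took effect
#   not-mitigated   no effective rule found
sctp_mitigation_status() {
    if sctp_install_blocked "${1:-/etc/modprobe.d}"; then
        if sctp_loaded "${2:-/proc/modules}"; then
            echo restart-needed
        else
            echo mitigated
        fi
    else
        echo not-mitigated
    fi
}

# Usage: script [modprobe.d-dir] [proc-modules-file]
sctp_mitigation_status "$@"
```

Only one configuration directory is read per call; pass any other modprobe.d location in use on the system as the first argument to check it as well.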

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 6 | kernel | Out of support scope | | |
| Red Hat Enterprise Linux 7 | kernel | Will not fix | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Will not fix | | |
| Red Hat Enterprise Linux 8 | kernel | Affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Affected | | |

Additional information

Weakness: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2014970 kernel: sctp: local DoS: unprivileged user can cause BUG()

CVSS3: 0 Low

Related vulnerabilities

ubuntu
almost 3 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

nvd
almost 3 years ago

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVSS3: 3.1
fstec
almost 4 years ago

A vulnerability in the WebKit web page rendering module of Mac OS family operating systems that allows an attacker to gain access to protected information