#VU74626 Memory leak in Linux kernel - CVE-2021-3923


Vulnerability identifier: #VU74626

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3923

CWE-ID: CWE-401

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due memory leak within RDMA over infiniband implementation in Linux kernel. A local user can force the application to leak memory by sensing commands to the /dev/infiniband/rdma_cm device node and gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2019643
https://lore.kernel.org/all/20220204100036.GA12348@kili/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Storage Protect Plus Server
Multiple vulnerabilities in Dell Cloud Tiering Appliance
Multiple vulnerabilities in Dell Data Protection Central
Multiple vulnerabilities in Dell Cloud Tiering Appliance
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP3 update for kernel
openEuler 20.03 LTS SP1 update for kernel
SUSE update for the Linux Kernel