PT-2021-7724 · Linux+5 · Linux Kernel+5

Michael Kaplan

Published

2021-11-03

Updated

2025-02-24

CVE-2021-3923

CVSS v3.1

2.3

Low

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the "/dev/infiniband/rdma cm" device node. This access is unlikely to leak sensitive user information but can be used to defeat existing kernel protection mechanisms. The issue is related to insufficient protection of internal data in the ib copy ah attr to user() function of the RDMA connection manager.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2022-1026

ALT-PU-2022-1051

ALT-PU-2022-1108

ALT-PU-2022-1240

ALT-PU-2022-1419

ALT-PU-2022-1421

ALT-PU-2022-1441

ALT-PU-2022-1540

ALT-PU-2023-1814

ALT-PU-2023-4894

BDU:2023-01771

CESA-2022_1975

CESA-2022_1988

CVE-2021-3923

OESA-2023-1215

OESA-2023-1229

RHSA-2022:1975

RHSA-2022:1988

RHSA-2022_1975

RHSA-2022_1988

SUSE-SU-2023:1800-1

SUSE-SU-2023:1801-1

SUSE-SU-2023:1803-1

SUSE-SU-2023:1811-1

SUSE-SU-2023:1848-1

SUSE-SU-2023:1892-1

SUSE-SU-2023:1894-1

SUSE-SU-2023:2232-1

Affected Products

Alt Linux

Astra Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2021-7724 · Linux+5 · Linux Kernel+5

CVE-2021-3923

Weakness Enumeration

Related Identifiers

Affected Products

References · 165