PT-2021-8097 · Linux+2 · Linux Kernel+2

Xiaolong Huang · Published 2021-10-08 · Updated 2024-09-18 · CVE-2021-4439

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.15.0-rc2+

Description

The vulnerability is an array-index-out-of-bounds bug in the cmtp_add_connection function of the isdn component in the Linux kernel. The bug can be triggered when the detach_capi_ctr function is called to detach a registered controller that is not attached yet. The vulnerability can cause a denial of service.

Technical details about exploitation include:
  • The cmtp_add_connection function adds a cmtp session to a controller and runs a kernel thread to process cmtp.
  • The kernel thread calls detach_capi_ctr to detach a registered controller, which can trigger the array-index-out-of-bounds bug if the controller is not attached yet.
  • The bug is caused by an index of -1 being out of range for the type capi_ctr *[32].
  • The detach_capi_ctr function is called by cmtp_session, which is run by the kernel thread.
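
The out-of-range index described above, shown in a user-space model that is an added example and not the kernel's code or part of the original advisory. The 1-based `cnr` field with 0 meaning "never attached", and the names `capi_controller`, `slot_for`, `attach_ctr` and `detach_ctr_checked`, are assumptions of this model.

```c
#include <errno.h>
#include <stdio.h>

#define CAPI_MAXCONTR 32        /* table size, from "capi_ctr *[32]" */
/* Simplified stand-in for the kernel structure (assumption of this model). */
struct capi_ctr {
    int cnr;                    /* 1-based controller number; 0 = never attached */
};

static struct capi_ctr *capi_controller[CAPI_MAXCONTR];

/* Slot an unchecked detach would index: cnr - 1, which is -1 when cnr == 0. */
static int slot_for(const struct capi_ctr *ctr)
{
    return ctr->cnr - 1;
}

/* Attach: claim the first free slot and record its 1-based number. */
static int attach_ctr(struct capi_ctr *ctr)
{
    for (int i = 0; i < CAPI_MAXCONTR; i++) {
        if (capi_controller[i] == NULL) {
            capi_controller[i] = ctr;
            ctr->cnr = i + 1;
            return 0;
        }
    }
    return -EBUSY;
}

/* Detach that validates the index before the table is touched. */
static int detach_ctr_checked(struct capi_ctr *ctr)
{
    int idx = slot_for(ctr);
    if (idx < 0 || idx >= CAPI_MAXCONTR)
        return -EINVAL;         /* never attached, or cnr out of range */
    if (capi_controller[idx] != ctr)
        return -EINVAL;         /* slot is held by a different controller */
    capi_controller[idx] = NULL;
    ctr->cnr = 0;
    return 0;
}

int main(void)
{
    struct capi_ctr never = { .cnr = 0 };
    printf("slot=%d detach=%d\n", slot_for(&never), detach_ctr_checked(&never));
    return 0;
}
```

A detach path without the range check would read and write `capi_controller[-1]` for the never-attached controller; the checked form rejects it with `-EINVAL` before any table access.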

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-07041
CVE-2021-4439
OPENSUSE-SU-2024_2362-1
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
SUSE-SU-2024:2360-1
SUSE-SU-2024:2362-1
SUSE-SU-2024:2365-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2384-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2895-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024_2929-1

Affected Products

Astra Linux
Linux Kernel
Suse