CVE-2021-3772: Improper Validation of Integrity Check Value in Kernel

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 62.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 2; latest update Mar 8

Description

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Exploitability: 2.2 | Impact: 4.2

Affected Packages (7 packages)

NVD: linux/linux_kernel < 5.15.0
Debian: linux/linux_kernel < 5.10.84-1+3
CVEListV5: linux/linux_kernel, fixed in linux kernel v5.15 and above

Also affects: Debian Linux 10.0, 9.0, Enterprise Linux 8.0

Patches

Vulnerability Details (5)

GHSA: GHSA-g6gr-2x73-gj6f: A flaw was found in the Linux SCTP stack (2022-03-04)
CVEList: CVE-2021-3772: A flaw was found in the Linux SCTP stack (2022-03-02)
OSV: CVE-2021-3772: A flaw was found in the Linux SCTP stack (2022-03-02)
OSV: linux-oem-5.14 vulnerabilities (2021-11-30)
Kernel: Merge branch 'sctp-enhancements-for-the-verification-tag' (2021-10-22)

Vendor Advisories (10)

Ubuntu: Linux kernel (AWS) vulnerabilities (2023-04-12)
Ubuntu: Linux kernel vulnerabilities (2023-04-12)
Ubuntu: Linux kernel (AWS) vulnerabilities (2023-04-06)
Ubuntu: Linux kernel vulnerabilities (2022-06-08)
Ubuntu: Linux kernel vulnerabilities (2022-06-08)

Research Papers (1)

arXiv: A Formal Analysis of SCTP: Attack Synthesis and Patch Verification (2024-03-08)