CVE-2021-3923 — Sensitive Information Exposure in Kernel

CWE-200 — Sensitive Information Exposure9 documents9 sources

Severity

2.3LOWNVD

EPSS

0.0%

top 96.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Fedoraproject Fedora Redhat Enterprise Linux +1 more

Timeline

PublishedMar 27

Latest updateFeb 14

Description

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.8 | Impact: 1.4

Affected Packages4 packages

▶NVDlinux/linux_kernel< 5.15.14

▶Debianlinux/linux_kernel< 5.10.92-1+3

▶CVEListV5linux/linux_kernelunknown

▶Palo Altopaloalto/pan-os

Also affects: Enterprise Linux 6.0, 7.0, 8.0, Fedora 37

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

CVEList

CVE-2021-3923: A flaw was found in the Linux kernel's implementation of RDMA over infiniband↗2023-03-27

▶

OSV

CVE-2021-3923: A flaw was found in the Linux kernel's implementation of RDMA over infiniband↗2023-03-27

▶

GHSA

GHSA-c8f9-2rww-56v5: A flaw was found in the Linux kernel's implementation of RDMA over infiniband↗2023-03-27

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Microsoft

▶

Red Hat

kernel: stack information leak in infiniband RDMA↗2021-12-01

▶

Debian

CVE-2021-3923: linux - A flaw was found in the Linux kernel's implementation of RDMA over infiniband. A...↗2021

▶

💬Community

Bugzilla

CVE-2021-3923 kernel: stack information leak in infiniband RDMA↗2021-11-03

▶