CVE-2021-3759
Public on 2022-08-23
Modified on 2024-01-14
Description
A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Kernel-5.10 Extra | kernel | 2022-12-08 | ALAS2KERNEL-5.10-2022-023 | Fixed |
| Amazon Linux 2 - Kernel-5.4 Extra | kernel | 2022-12-14 | ALAS2KERNEL-5.4-2022-039 | Fixed |
| Amazon Linux 1 | kernel-4.14 | No Fix Planned | ||
| Amazon Linux 2 - Core | kernel-4.14 | Pending Fix | ||
| Amazon Linux 2 - Core | kernel-5.10 | Pending Fix | ||
| Amazon Linux 2 - Core | kernel-5.4 | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |