CVE-2021-3759

2021-09-0200:00:00

ubuntu.com

linux kernel

memory overflow

ipc functionality

memcg subsystem

denial of service

system availability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

A memory overflow vulnerability was found in the Linux kernel’s ipc
functionality of the memcg subsystem, in the way a user calls the semget
function multiple times, creating semaphores. This flaw allows a local user
to starve the resources, causing a denial of service. The highest threat
from this vulnerability is to system availability.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinux< 4.15.0-162.170UNKNOWN
ubuntu20.04noarchlinux< 5.4.0-90.101UNKNOWN
ubuntu21.04noarchlinux< 5.11.0-40.44UNKNOWN
ubuntu21.10noarchlinux< 5.13.0-21.21UNKNOWN
ubuntu18.04noarchlinux-aws< 4.15.0-1115.122UNKNOWN
ubuntu20.04noarchlinux-aws< 5.4.0-1059.62UNKNOWN
ubuntu21.04noarchlinux-aws< 5.11.0-1021.22UNKNOWN
ubuntu21.10noarchlinux-aws< 5.13.0-1006.7UNKNOWN
ubuntu20.04noarchlinux-aws-5.11< 5.11.0-1021.22~20.04.2UNKNOWN
ubuntu18.04noarchlinux-aws-5.4< 5.4.0-1059.62~18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linux	< 4.15.0-162.170	UNKNOWN
ubuntu	20.04	noarch	linux	< 5.4.0-90.101	UNKNOWN
ubuntu	21.04	noarch	linux	< 5.11.0-40.44	UNKNOWN
ubuntu	21.10	noarch	linux	< 5.13.0-21.21	UNKNOWN
ubuntu	18.04	noarch	linux-aws	< 4.15.0-1115.122	UNKNOWN
ubuntu	20.04	noarch	linux-aws	< 5.4.0-1059.62	UNKNOWN
ubuntu	21.04	noarch	linux-aws	< 5.11.0-1021.22	UNKNOWN
ubuntu	21.10	noarch	linux-aws	< 5.13.0-1006.7	UNKNOWN
ubuntu	20.04	noarch	linux-aws-5.11	< 5.11.0-1021.22~20.04.2	UNKNOWN
ubuntu	18.04	noarch	linux-aws-5.4	< 5.4.0-1059.62~18.04.1	UNKNOWN