CVE-2021-3736

Published: Aug 23, 2022Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.

Affected (1)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 5.14.20

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://access.redhat.com/security/cve/CVE-2021-3736

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1995570

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f

Source: secalert@redhat.com

PatchThird Party Advisory

https://access.redhat.com/security/cve/CVE-2021-3736

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1995570

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://github.com/torvalds/linux/commit/de5494af4815a4c9328536c72741229b7de88e7f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.