CVE-2021-3923

Published: Mar 27, 2023Modified: Feb 24, 2025

2.3

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Exploitability: 0.8 / Impact: 1.4

Source: NVD

Description

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.

Affected (5)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora

1 product

1 product

Enterprise Linux

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.15.14
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://bugzilla.redhat.com/show_bug.cgi?id=2019643

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://lore.kernel.org/all/20220204100036.GA12348%40kili/

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2019643

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://lore.kernel.org/all/20220204100036.GA12348%40kili/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.