CVE-2021-3669 : A flaw was found in the Linux kernel. Measuring usage of the shared memory does

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

Published 2022-08-26 16:15:09

Updated 2023-07-07 19:16:18

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-3669

IBM » Spectrum Protect Plus
Versions from including (>=) 10.1.0 and up to, including, (<=) 10.1.10.2
cpe:2.3:a:ibm:spectrum_protect_plus:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
IBM » Spectrum Copy Data Management
Versions from including (>=) 2.2.0.0 and up to, including, (<=) 2.2.15.0
cpe:2.3:a:ibm:spectrum_copy_data_management:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Power Little Endian » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems Eus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Ibm Z Systems » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv » Version: 8
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time » Version: 8
cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Aus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_aus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Virtualization Host » Version: 4.0
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform » Version: 4.6
cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform » Version: 4.7
cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Openshift Container Platform » Version: 4.9
cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
Redhat » Developer Tools » Version: 1.0
cpe:2.3:a:redhat:developer_tools:1.0:*:*:*:*:*:*:*
Matching versions
Redhat » Build Of Quarkus
Versions from including (>=) 2.0 and before (<) 2.7
cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time For Nfv Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux For Real Time Tus » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions » Version: 8.6
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Codeready Linux Builder » Version: N/A
cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 8.0
When used together with: Redhat » Enterprise Linux Eus » Version: 8.6
When used together with: Redhat » Enterprise Linux For Power Little Endian » Version: 8.0
When used together with: Redhat » Enterprise Linux For Power Little Endian Eus » Version: 8.6
Linux » Linux Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2021-3669

Top countries where our scanners detected CVE-2021-3669

Top open port discovered on systems with this issue 53

IPs affected by CVE-2021-3669 688,453

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2021-3669!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2021-3669

EPSS FAQ

0.01%

Probability of exploitation activity in the next 30 days EPSS Score History

~ %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-3669

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-3669

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Secondary)
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-3669

https://security-tracker.debian.org/tracker/CVE-2021-3669

CVE-2021-3669
Issue Tracking;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1980619

Bug Access Denied
Issue Tracking;Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1986473

1986473 – (CVE-2021-3669) CVE-2021-3669 kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
Issue Tracking;Permissions Required
https://access.redhat.com/security/cve/CVE-2021-3669

CVE-2021-3669- Red Hat Customer Portal
Issue Tracking;Third Party Advisory