#VU63835 Insufficient verification of data authenticity in Linux kernel


Published: 2022-05-31

Vulnerability identifier: #VU63835

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3772

CWE-ID: CWE-345

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description
The vulnerability allows a remote attacker to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to insufficient verification of data authenticity in the Linux SCTP stack. A remote attacker can exploit this vulnerability to perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=32f8807a48ae55be0e76880cfe8607a18b5bb0df
http://bugzilla.redhat.com/show_bug.cgi?id=2000694
http://github.com/torvalds/linux/commit/32f8807a48ae55be0e76880cfe8607a18b5bb0df
http://ubuntu.com/security/CVE-2021-3772
http://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
http://www.debian.org/security/2022/dsa-5096

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux
Ubuntu update for linux-aws
Ubuntu update for linux-aws
Amazon Linux AMI update for kernel
Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC)
Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.3
Multiple vulnerabilities in Red Hat Advanced Cluster Management 2.4
Ubuntu update for linux
Ubuntu update for linux
Red Hat Enterprise Linux 8 update for kernel