CVE-2021-3772

Advisory lineage Upstream: 0 Downstream: 33
Modified
Published: 02 Mar 2022, 00:00
Last modified: 03 Aug 2024, 17:09

Vulnerability Summary

  • Overall Risk (default): medium, 26/100
  • CVSS Score: 6.5 MEDIUM, v3.1 (nvd)
  • EPSS Score: 0.16% LOW
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 02 Mar 2022, 00:00: Published. Vulnerability first disclosed.
  • 03 Aug 2024, 17:09: Last Modified. Vulnerability information updated.

Description

A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.

CVSS Metrics

  • v3.1: MEDIUM, Score: 6.5, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
  • v2.0: MEDIUM, Score: 5.8, Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

EPSS Trends

Current EPSS score: 0.16% Percentile: 37%

Techniques & Countermeasures

  • CWE-354: Improper Validation of Integrity Check Value

    The product does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Affected Systems

  • debian debian_linux

    9.0 | 10.0

  • linux linux_kernel

    < 5.15.0

  • netapp e-series_santricity_os_controller

    11.0 | 11.0.0 | 11.20 | 11.25 | 11.30 | 11.30.5r3 | 11.40 | 11.40.3r2 | 11.40.5 | 11.50.1 | 11.50.2 | 11.50.2:p1 | 11.60 | 11.60.0 | 11.60.1 | 11.60.3 | 11.70.1 | 11.70.2

  • netapp h300s_firmware

    na

  • netapp h410c_firmware

    na

  • netapp h410s_firmware

    na

  • netapp h500s_firmware

    na

  • netapp h610c_firmware

    na

  • netapp h610s_firmware

    na

  • netapp h615c_firmware

    na

  • netapp h700s_firmware

    na

  • netapp hci_compute_node_firmware

    na

  • netapp solidfire_&_hci_management_node

    na

  • netapp solidfire_&_hci_storage_node

    na

  • oracle communications_cloud_native_core_binding_support_function

    22.1.3

  • oracle communications_cloud_native_core_network_exposure_function

    22.1.1

  • oracle communications_cloud_native_core_policy

    22.2.0

  • redhat enterprise_linux

    8.0
