CVE-2021-3923

Advisory lineage Upstream: 0 Downstream: 12

Downstream

DEBIAN-CVE-2021-3923 RHSA-2022:1975 RHSA-2022:1988 SUSE-SU-2023:1800-1 SUSE-SU-2023:1801-1 SUSE-SU-2023:1803-1

Modified

Published: 27 Mar 2023, 00:00

Last modified:24 Feb 2025, 19:19

Vulnerability Summary

Overall Risk (default)

minimal

9/100

CVSS Score

2.3 LOW

v3.1 (cve.org)

EPSS Score

0.02% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Mar 2023, 00:00

Published

Vulnerability first disclosed

24 Feb 2025, 19:19

Last Modified

Vulnerability information updated

Description

A flaw was found in the Linux kernel's implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.

CVSS Metrics

v3.1•LOW•Score: 2.3CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Trends

Current EPSS score: 0.02%• Percentile: 4%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

fedoraproject•fedora
37
linux•linux_kernel
< 5.15.14
redhat•enterprise_linux
6.0 | 7.0 | 8.0