CVE-2021-3491

Public on 2021-06-04

Modified on 2024-03-01

Description

A flaw was found in the Linux kernel. The io_uring PROVIDE_BUFFERS operation allowed the MAX_RW_COUNT limit to be bypassed, which led to negative values being used in mem_rw when reading /proc//mem. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity

Important

CVSS v3 Base Score

7.4

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	kernel			Not Affected
Amazon Linux 2 - Core	kernel			Not Affected
Amazon Linux 2 - Kernel-5.15 Extra	kernel			Not Affected
Amazon Linux 2 - Kernel-5.4 Extra	kernel			Not Affected
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2022-01-20	ALAS2KERNEL-5.10-2022-001	Fixed
Amazon Linux 2 - Kernel-5.10 Extra	kernel	2022-01-20	ALAS2KERNEL-5.10-2022-002	Fixed
Amazon Linux 2023	kernel			Not Affected

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	7.4	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD	CVSSv2	7.2	AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD	CVSSv3	8.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

Red Hat: CVE-2021-3491 Mitre: CVE-2021-3491