CVE-2021-3655: 
Linux Kernel vulnerability analysis and mitigation

A vulnerability (CVE-2021-3655) was discovered in the Linux kernel versions prior to v5.14-rc1. The vulnerability involves missing size validations on inbound SCTP (Stream Control Transmission Protocol) packets, which could potentially expose sensitive kernel memory information (NVD, Ubuntu).

The vulnerability stems from improper size validation in the SCTP implementation within the Linux kernel. Specifically, the issue was identified by security researchers Ilja Van Sprundel and Marcelo Ricardo Leitner, who found that the SCTP implementation did not properly perform size validations on incoming packets in certain situations (Debian LTS). The vulnerability has been assigned a CVSS 3 Severity Score of 3.3 (Low) (Ubuntu).

On systems using SCTP, this vulnerability could allow an attacker to read uninitialized kernel memory, potentially exposing sensitive information. The impact is primarily focused on information disclosure, which could potentially aid in further attacks (Red Hat Bugzilla, Debian LTS).

The vulnerability was fixed in Linux kernel version 5.14-rc1. Various Linux distributions have released patches for their respective kernel versions. Ubuntu has provided fixes for affected versions including 21.10, 21.04, 20.04 LTS, and 18.04 LTS. Debian has addressed the issue in version 4.19.208-1~deb9u1 for Debian 9 stretch and version 4.9.290-1 for other affected releases (Ubuntu Security Notice, Debian LTS).