CVE-2021-3759: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-3759 is a memory overflow vulnerability discovered in the Linux kernel's IPC functionality of the memcg subsystem. The vulnerability was identified in the way a user calls the semget function multiple times to create semaphores. The issue was disclosed in July 2021 and affects various Linux kernel versions (Kernel Patch, Ubuntu Security).

The vulnerability stems from the Linux kernel's failure to properly account for the memory usage of certain IPC objects in the memcg subsystem. Under default sysctl settings, a malicious user could allocate up to 32,000 unaccounted semaphore sets with up to 32,000 unaccounted semaphore objects in each set, plus one sem_undo unaccounted object for each semaphore set. This could result in approximately 63GB of unaccounted memory while being charged for less than 1MB of memory usage. The vulnerability has been assigned a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu Security).

The primary impact of this vulnerability is on system availability. A local attacker could exploit this flaw to starve system resources by consuming unaccounted memory, potentially leading to system crashes due to memory exhaustion. The highest threat from this vulnerability is to system availability through denial of service attacks (Ubuntu Security, Debian Security).

The vulnerability has been fixed in multiple Linux distributions through security updates. Ubuntu has released fixes for various versions including 21.10 (impish), 21.04 (hirsute), 20.04 LTS (focal), and 18.04 LTS (bionic). Debian has addressed the issue in version 5.10.158-2~deb10u1 for Debian 10 buster. Red Hat has also provided fixes through various security advisories (Ubuntu Security, Debian Security).