CVE-2021-3764: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-3764 is a memory leak vulnerability discovered in the Linux kernel's ccp_run_aes_gcm_cmd() function within the AMD Cryptographic Coprocessor (CCP) driver. The vulnerability was identified in 2021 and is similar to the older CVE-2019-18808. This flaw allows an attacker to cause a denial of service through memory consumption when the ccp_init_data() function returns an error code (Ubuntu Security, Debian Security).

The vulnerability exists in the drivers/crypto/ccp/ccp-ops.c file of the Linux kernel. The issue occurs specifically in the ccp_run_aes_gcm_cmd() function when ccp_init_data(&src) returns an error code. There were three specific bugs identified: incorrect error handling after ccp_init_data() failure, incorrect label naming for freeing final_wa resources, and a memory leak in the tag handling path (GitHub Commit). The vulnerability has been assigned a CVSS 3 Severity Score of 5.5 (Medium) (Ubuntu Security).

The primary impact of this vulnerability is to system availability through denial of service caused by memory exhaustion. The highest threat from this vulnerability is to system availability, as it allows attackers to cause memory consumption through resource leaks (Ubuntu Security).

The vulnerability was fixed in Linux kernel version 5.15-rc4 through commit 505d9dcb0f7d. The fix addresses all three identified bugs by correcting error handling paths and proper resource cleanup. Various Linux distributions have backported the fix to their supported kernel versions, including Ubuntu, Red Hat, and Debian (GitHub Commit, Ubuntu Security).