CVE-2021-3669 - Vulnerability Details

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Ibm	Spectrum Copy Data Management Spectrum Protect Plus
Linux	Linux Kernel
Redhat	Build Of Quarkus Codeready Linux Builder Developer Tools Enterprise Linux Enterprise Linux Aus Enterprise Linux Eus Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For Real Time Enterprise Linux For Real Time For Nfv Enterprise Linux For Real Time For Nfv Tus Enterprise Linux For Real Time Tus Enterprise Linux Server Aus Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Enterprise Linux Server Tus Openshift Container Platform Virtualization Host

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:ibm:spectrum_copy_data_management::::::::
	cpe:2.3:a:ibm:spectrum_protect_plus::::::::

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*

Configuration 4 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:redhat:build_of_quarkus::::::::
	cpe:2.3:a:redhat:developer_tools:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Configuration 6 [-]

AND

cpe:2.3:a:redhat:codeready_linux_builder:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:::::::*

Configuration 7 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.6:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.7:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.9:::::::*
	cpe:2.3:a:redhat:virtualization_host:4.0:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-372.9.1.rt7.166.el8	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2022:1975	2022-05-10T00:00:00Z
kernel-0:4.18.0-372.9.1.el8	cpe:/o:redhat:enterprise_linux:8	RHSA-2022:1988	2022-05-10T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3912-1	linux security update
Ubuntu USN	USN-5924-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-5927-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-5975-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5980-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5981-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5984-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5985-1	Linux kernel vulnerabilities
Ubuntu USN	USN-5991-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-6001-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-6009-1	Linux kernel (GCP) vulnerabilities
Ubuntu USN	USN-6013-1	Linux kernel (AWS) vulnerabilities
Ubuntu USN	USN-6014-1	Linux kernel vulnerabilities
Ubuntu USN	USN-6020-1	Linux kernel (BlueField) vulnerabilities
Ubuntu USN	USN-6030-1	Linux kernel (Qualcomm Snapdragon) vulnerabilities
Ubuntu USN	USN-6151-1	Linux kernel (Xilinx ZynqMP) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2021-3669
https://bugzilla.redhat.com/show_bug.cgi?id=1980619
https://bugzilla.redhat.com/show_bug.cgi?id=1986473
https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3669
https://security-tracker.debian.org/tracker/CVE-2021-3669
https://www.cve.org/CVERecord?id=CVE-2021-3669

History

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-26T15:25:40.000Z

Updated: 2025-11-03T21:44:59.899Z

Reserved: 2021-07-29T00:00:00.000Z

Link: CVE-2021-3669

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-26T16:15:09.273

Modified: 2025-11-03T22:15:50.677

Link: CVE-2021-3669

Redhat

Severity : Moderate

Publid Date: 2021-08-02T06:02:00Z

Links: CVE-2021-3669 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object