CVE-2021-4439: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

isdn: cpai: check ctr->cnr to avoid array index out of bound

The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp.

    __module_get(THIS_MODULE);
    session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d",
                                session->num);

During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. If the controller was not attached yet, detach_capi_ctr() would trigger an array-index-out-bounds bug.

[ 46.866069][ T6479] UBSAN: array-index-out-of-bounds in drivers/isdn/capi/kcapi.c:483:21
[ 46.867196][ T6479] index -1 is out of range for type 'capi_ctr *[32]'
[ 46.867982][ T6479] CPU: 1 PID: 6479 Comm: kcmtpd_ctr_0 Not tainted 5.15.0-rc2+ #8
[ 46.869002][ T6479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014
[ 46.870107][ T6479] Call Trace:
[ 46.870473][ T6479] dump_stack_lvl+0x57/0x7d
[ 46.870974][ T6479] ubsan_epilogue+0x5/0x40
[ 46.871458][ T6479] __ubsan_handle_out_of_bounds.cold+0x43/0x48
[ 46.872135][ T6479] detach_capi_ctr+0x64/0xc0
[ 46.872639][ T6479] cmtp_session+0x5c8/0x5d0
[ 46.873131][ T6479] ? __init_waitqueue_head+0x60/0x60
[ 46.873712][ T6479] ? cmtp_add_msgpart+0x120/0x120
[ 46.874256][ T6479] kthread+0x147/0x170
[ 46.874709][ T6479] ? set_kthread_struct+0x40/0x40
[ 46.875248][ T6479] ret_from_fork+0x1f/0x30
[ 46.875773][ T6479]
AI Analysis
Technical Summary
CVE-2021-4439 is a vulnerability identified in the Linux kernel's ISDN subsystem, specifically within the CAPI (Common ISDN Application Programming Interface) driver code. The vulnerability arises from an improper bounds check on the controller number (ctr->cnr) when adding a CMTP (Connectionless Message Transport Protocol) session to a controller. The function cmtp_add_connection() initiates a kernel thread to process CMTP sessions. During this process, the kernel thread calls detach_capi_ctr() to detach a registered controller. However, if the controller was not attached yet, detach_capi_ctr() can be invoked with an invalid index, leading to an array index out-of-bounds error. This is confirmed by the UBSAN (Undefined Behavior Sanitizer) error logs showing an index of -1 being accessed in an array of 32 pointers to capi_ctr structures. The out-of-bounds access occurs in the kernel space, which can cause undefined behavior including kernel crashes (denial of service) or potentially memory corruption. The vulnerability affects Linux kernel versions prior to the patch that added proper validation of the controller index before accessing the array. The issue is located in the drivers/isdn/capi/kcapi.c source file. No known exploits are reported in the wild as of the publication date. The vulnerability does not require user interaction but does require the kernel to be running the affected ISDN CAPI subsystem, which is less commonly used in modern systems but may still be present in specialized telecommunication or industrial environments. No CVSS score has been assigned yet.
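The indexing flaw described above, as an added user-space model (not the kernel's code or the upstream patch). It assumes the controller number is 1-based with 0 meaning "never attached", which is consistent with the index -1 in the UBSAN report; model_attach, unchecked_index and model_detach_checked are hypothetical names.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define CAPI_MAXCONTR 32   /* table size from the report: 'capi_ctr *[32]' */

/* Simplified controller. Assumption: cnr is 1-based, 0 = never attached. */
struct capi_ctr { int cnr; };

static struct capi_ctr *capi_controller[CAPI_MAXCONTR];

/* Hypothetical attach: claim the first free slot, record its 1-based number. */
int model_attach(struct capi_ctr *ctr)
{
    for (int i = 0; i < CAPI_MAXCONTR; i++) {
        if (capi_controller[i] == NULL) {
            capi_controller[i] = ctr;
            ctr->cnr = i + 1;
            return 0;
        }
    }
    return -EBUSY;
}

/* Index an unchecked detach would use; computed only, never dereferenced. */
int unchecked_index(const struct capi_ctr *ctr)
{
    return ctr->cnr - 1;
}

/* Hardened detach: validate cnr before it is used as an array index. */
int model_detach_checked(struct capi_ctr *ctr)
{
    if (ctr->cnr < 1 || ctr->cnr - 1 >= CAPI_MAXCONTR)
        return -EINVAL;            /* never attached, or out of range */
    if (capi_controller[ctr->cnr - 1] != ctr)
        return -EINVAL;            /* slot is owned by another controller */
    capi_controller[ctr->cnr - 1] = NULL;
    ctr->cnr = 0;
    return 0;
}

int main(void)
{
    struct capi_ctr ctr = { 0 };   /* session thread runs before attach */
    printf("unchecked index: %d\n", unchecked_index(&ctr));
    printf("checked detach:  %d\n", model_detach_checked(&ctr));
    return 0;
}
```

The second check in model_detach_checked also rejects an in-range number that points at a slot owned by a different controller, so a stale cnr cannot clear someone else's entry.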
Potential Impact
For European organizations, the impact of CVE-2021-4439 depends largely on the deployment of Linux systems utilizing the ISDN CAPI subsystem. While ISDN technology is less prevalent today, it remains in use in certain telecommunications, industrial control, and legacy systems across Europe. Exploitation of this vulnerability could lead to kernel crashes causing denial of service, which may disrupt critical services relying on affected Linux systems. In worst-case scenarios, the out-of-bounds access could be leveraged to execute arbitrary code in kernel context, potentially leading to privilege escalation or persistent compromise. This risk is particularly relevant for telecom operators, industrial control system operators, and enterprises running specialized Linux distributions with ISDN support enabled. Given the kernel-level nature of the vulnerability, successful exploitation could compromise system integrity and availability, impacting business continuity and service reliability. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed proactively to prevent future exploitation attempts.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2021-4439 as soon as they become available from trusted sources or Linux distribution vendors.
2. For organizations using custom or embedded Linux kernels, ensure that the ISDN CAPI driver code is updated to include proper bounds checking on controller indices.
3. Disable the ISDN CAPI subsystem if it is not required in the environment to reduce the attack surface. This can be done by blacklisting the relevant kernel modules or disabling ISDN support at kernel compile time.
4. Monitor kernel logs for any unusual UBSAN or kernel oops messages related to the CAPI driver, which could indicate attempted exploitation or instability.
5. Implement strict access controls and network segmentation to limit exposure of systems running ISDN services to untrusted networks.
6. Conduct thorough testing of kernel updates in a staging environment before deployment to production to ensure stability and compatibility.
7. Maintain an up-to-date inventory of Linux systems and their kernel versions to quickly identify and remediate vulnerable hosts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-06-20T12:07:18.155Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9835c4522896dcbea7ec
Added to database: 5/21/2025, 9:09:09 AM
Last enriched: 6/26/2025, 9:23:25 AM
Last updated: 8/17/2025, 3:07:56 AM