Unrated severityNVD Advisory· Published Aug 25, 2022· Updated Nov 3, 2025
CVE-2021-3979
CVE-2021-3979
Description
A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.
Affected products
17- Red Hat/Ceph Storagedescription
- osv-coords16 versionspkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/ceph&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/ceph&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ceph-test&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/fmt&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/fmt&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/suse/ceph&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ceph&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/fmt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/fmt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/fmt&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
< 16.2.9.536+g41a9f9a5573-150300.6.3.1+ 15 more
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150400.3.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-1.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150400.3.3.1
- (no CPE)range: < 8.0.1-150300.7.5.1
- (no CPE)range: < 8.0.1-150300.7.5.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.3.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150300.6.3.1
- (no CPE)range: < 16.2.9.536+g41a9f9a5573-150400.3.3.1
- (no CPE)range: < 8.0.1-150300.7.5.1
- (no CPE)range: < 8.0.1-150300.7.5.1
- (no CPE)range: < 8.0.1-150300.7.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPOK44BESMIFW6BIOGCN452AKKOIIT6Q/mitrevendor-advisory
- access.redhat.com/security/cve/CVE-2021-3979mitre
- bugzilla.redhat.com/show_bug.cgimitre
- github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656mitre
- github.com/ceph/ceph/pull/44765mitre
- lists.debian.org/debian-lts-announce/2023/10/msg00034.htmlmitre
- tracker.ceph.com/issues/54006mitre
News mentions
0No linked articles in our index yet.