CVE-2021-3573

Updated: 2024-11-21 23:54:31.063531

Description:

A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), or hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.13-rc5.


Links NIST CIRCL RHEL Ubuntu

Severity

Version           Severity  Score
CVSS Version 2.x  MEDIUM    6.9
CVSS Version 3.x  MEDIUM    6.4

Status

OS name           Project name  Version  Score  Severity  Status         Errata                Last updated         Statement
CentOS 6 ELS      kernel        2.6.32   6.4    MEDIUM    Released       CLSA-2021:1632262296  2022-05-05 12:01:35
CentOS 7 ELS      kernel        3.10.0   6.4    MEDIUM    Already Fixed  -                     2023-09-19 09:30:12
CentOS 8.4 ELS    kernel        4.18.0   6.4    MEDIUM    Released       CLSA-2022:1651145959  2022-04-28 16:00:02
CentOS 8.5 ELS    kernel        4.18.0   6.4    MEDIUM    Ignored        -                     2022-02-21 05:39:39
CloudLinux 6 ELS  kernel        2.6.32   6.4    MEDIUM    Ignored        -                     2022-01-27 11:19:57
Oracle Linux 6 ELS kernel       2.6.32   6.4    MEDIUM    Released       CLSA-2022:1669850228  2022-11-30 19:57:37
Ubuntu 16.04 ELS  linux         4.4.0    6.4    MEDIUM    Released       CLSA-2022:1643637294  2022-01-31 11:44:56
Ubuntu 16.04 ELS  linux-hwe     4.15.0   6.4    MEDIUM    Ignored        -                     2022-09-28 08:02:35
Ubuntu 18.04 ELS  linux         4.15.0   6.4    MEDIUM    Ignored        -                     2023-03-02 04:04:09