CVE-2021-23134: Use After Free in Linux

CWE-416: Use After Free | 27 documents | 8 sources

Severity: 7.8 HIGH (NVD) | OSV: 3.5
EPSS: 0.0% (top 94.99%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 12
Latest update: Mar 1

Description

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (7 packages)

NVD | linux/linux_kernel | 4.4.267 | 4.4.269 | +8
Debian | linux/linux_kernel | < 5.10.38-1 | +3
Ubuntu | linux/linux_kernel | < 4.15.0-151.157 | +2
CVEListV5 | linux/linux | a1cdd18c49d23ec38097ac2c5b0d761146fc0109 | 26157c82ba756767b2bd66d28a71b1bc454447f6 | +9
debian | debian/linux | < linux 5.10.38-1 (bookworm)

Also affects: Debian Linux 9.0, Fedora 33, 34

Patches

Vulnerability Details (12)

GHSA | GHSA-47q3-98v3-643r: In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix r | 2024-03-01
OSV | CVE-2021-47068: In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix ref | 2024-02-29
GHSA | GHSA-jm36-c9r2-g7rq: Use After Free vulnerability in nfc sockets in the Linux Kernel before 5 | 2022-05-24
OSV | linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities | 2022-03-22
OSV | CVE-2021-23134: In llcp_sock_bind/connect of llcp_sock | 2021-12-01

Vendor Advisories (13)

Red Hat | kernel: net/nfc: fix use-after-free llcp_sock_bind/connect | 2024-02-29
Ubuntu | Linux kernel vulnerabilities | 2022-03-22
Ubuntu | Linux kernel vulnerabilities | 2021-07-20
Ubuntu | Linux kernel vulnerabilities | 2021-07-20
Ubuntu | Linux kernel (KVM) vulnerabilities | 2021-06-25