CVE-2021-33034: Use After Free in Linux Kernel

CWE-416: Use After Free (24 documents, 8 sources)

Severity
NVD: 7.8 HIGH
OSV: 5.4; OSV: 3.5
EPSS: 0.1% (top 67.25%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 14
Latest update: Feb 14

Description

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
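The following C program is an added illustration of the CWE-416 pattern the description refers to; it is not code from the Linux kernel, from net/bluetooth/hci_event.c, or from the fix commit. It models a connection that owns a set of channels identified by handles a peer can name, contrasts a destroy path that frees whatever channel a reported handle resolves to with one that first checks the channel is one the caller is entitled to destroy and unlinks it from its owner before freeing, and then performs a later write through a pointer the connection still holds. Every name in it (struct chan, struct conn, the amp flag, the pool, the handle values) is an assumption made for the example; a fixed pool stands in for the allocator so the stale write is observable deterministically instead of being undefined behaviour.

```c
/* Constructed illustration of CWE-416 (use after free) in the shape the
 * description above outlines: an object is destroyed while its owner
 * still references it, and a later write lands in freed memory.
 * Not the kernel's code; all names and values are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 4

struct chan {
    uint16_t handle;  /* identifier a peer reports back in events */
    bool amp;         /* hypothetical "created by the AMP path" marker */
    bool in_use;      /* pool slot is allocated */
    uint32_t state;   /* field a stale caller may still write */
};

struct conn {
    struct chan *chans[POOL_SIZE]; /* channels this connection owns */
    size_t nchans;
};

/* Fixed pool instead of malloc/free: a freed slot keeps its handle, so a
 * stale lookup still resolves to it, and in_use tells us it was freed. */
static struct chan pool[POOL_SIZE];

static void pool_reset(void) { memset(pool, 0, sizeof pool); }

static struct chan *chan_alloc(uint16_t handle, bool amp)
{
    for (size_t i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i] = (struct chan){ .handle = handle, .amp = amp, .in_use = true };
            return &pool[i];
        }
    }
    return NULL;
}

static void chan_free(struct chan *c) { c->in_use = false; c->state = 0; }

static void conn_add_chan(struct conn *cn, struct chan *c) { cn->chans[cn->nchans++] = c; }

static void conn_drop_chan(struct conn *cn, struct chan *c)
{
    for (size_t i = 0; i < cn->nchans; i++) {
        if (cn->chans[i] == c) { cn->chans[i] = cn->chans[--cn->nchans]; return; }
    }
}

/* Resolve the handle a peer reports to a channel the connection holds. */
static struct chan *conn_lookup(struct conn *cn, uint16_t handle)
{
    for (size_t i = 0; i < cn->nchans; i++)
        if (cn->chans[i]->handle == handle) return cn->chans[i];
    return NULL;
}

/* Vulnerable pattern: an event names a handle and the destroy path frees
 * whatever it resolves to, trusting the peer, and leaves the pointer in
 * the owner's list. */
static void destroy_vuln(struct conn *cn, uint16_t handle)
{
    struct chan *c = conn_lookup(cn, handle);
    if (c) chan_free(c);  /* cn->chans still points at freed memory */
}

/* Hardened pattern: free only a channel the event is entitled to destroy
 * (here: one created by the AMP path), and unlink it before freeing. */
static bool destroy_fixed(struct conn *cn, uint16_t handle)
{
    struct chan *c = conn_lookup(cn, handle);
    if (!c || !c->amp) return false;  /* unknown, or not ours to destroy */
    conn_drop_chan(cn, c);
    chan_free(c);
    return true;
}

/* A later write through a pointer the owner still holds. Returns true when
 * the write hit a freed slot, i.e. the use after free happened. */
static bool later_write(struct conn *cn, uint16_t handle, uint32_t val)
{
    struct chan *c = conn_lookup(cn, handle);
    if (!c) return false;  /* properly unlinked: nothing to write to */
    bool uaf = !c->in_use;
    c->state = val;
    return uaf;
}

/* One channel (hypothetical handle 0x11) is targeted by a disconnect event
 * naming its handle; returns true if the later write landed in freed memory. */
static bool scenario(bool hardened, bool amp)
{
    pool_reset();
    struct conn cn = { 0 };
    conn_add_chan(&cn, chan_alloc(0x11, amp));
    if (hardened) destroy_fixed(&cn, 0x11);
    else destroy_vuln(&cn, 0x11);
    return later_write(&cn, 0x11, 0xdeadbeef);
}

int main(void)
{
    printf("vulnerable path, non-AMP channel: uaf=%d\n", scenario(false, false));
    printf("hardened path,   non-AMP channel: uaf=%d\n", scenario(true, false));
    printf("hardened path,   AMP channel:     uaf=%d\n", scenario(true, true));
    return 0;
}
```

The two checks the hardened path adds are the ones that matter for this bug class: the destroy path refuses a handle that resolves to an object the event has no business destroying, and when it does destroy one it removes the owner's reference first, so no pointer survives the free.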

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Local attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, high impact on confidentiality, integrity and availability (base score 7.8).

Affected Packages (7 packages)

NVD: linux/linux_kernel < 5.12.4
Debian: linux/linux_kernel < 5.10.38-1 (+3)
Ubuntu: linux/linux_kernel < 4.15.0-151.157 (+3)
debian: debian/linux < linux 5.10.38-1 (bookworm)

Also affects: Debian Linux 9.0, Fedora 34

Patches

Vulnerability Details (10)

OSV (2022-06-01): CVE-2021-33034: In hci_send_acl and related functions of hci_core
GHSA (2022-05-24): GHSA-3qpw-8jg3-xjrh: In the Linux kernel before 5
OSV (2022-03-22): linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
OSV (2022-02-22): linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
OSV (2021-07-20): linux, linux-aws, linux-aws-5.8, linux-azure, linux-azure-5.8, linux-gcp, linux-gcp-5.8, linux-hwe-5.8, linux-kvm, linux-oracle, linux-oracle-5.8, linux-raspi vulnerabilities

Vendor Advisories (13)

Palo Alto (2024-02-14): PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
Ubuntu (2022-03-22): Linux kernel vulnerabilities
Ubuntu (2022-02-22): Linux kernel vulnerabilities
Ubuntu (2021-07-20): Linux kernel vulnerabilities
Ubuntu (2021-07-20): Linux kernel vulnerabilities
CVE-2021-33034 — Use After Free in Linux Kernel | cvebase