CVE-2021-34981

CWE-415 CWE-416 — Use After Free6 documents6 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 98.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Linux Kernel

Timeline

PublishedMay 7

Latest updateMay 8

Description

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶NVDlinux/linux_kernel< 5.10.42

▶CVEListV5linux/kernel4.15.0-118-generic

▶Debianlinux< 5.10.46-1+3

🔴Vulnerability Details

GHSA

GHSA-98qh-xfx7-vfqv: Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability↗2024-05-08

▶

OSV

CVE-2021-34981: Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability↗2024-05-07

▶

CVEList

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability↗2024-05-07

▶

📋Vendor Advisories

Red Hat

kernel: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability↗2021-10-25

▶

Debian

CVE-2021-34981: linux - Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerabilit...↗2021

▶