CVE-2021-3564Double Free in Linux

CWE-415Double FreeCWE-416Use After Free23 documents9 sources
Severity
5.5MEDIUMNVD
OSV7.8OSV5.4OSV4.2
EPSS
0.0%
top 93.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Linux KernelDebian LinuxDebian Linux+6 more
Timeline
PublishedJun 8
Latest updateFeb 14

Description

A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages10 packages

Debianlinux/linux_kernel< 5.10.46-1+3
Ubuntulinux/linux_kernel< 4.15.0-154.161+3
CVEListV5linux/linux_kernelAll Linux kernel versions starting from 3.13

Also affects: Debian Linux 9.0, Fedora 34

🔴Vulnerability Details

11
GHSA
GHSA-x4rf-jx7j-r49m: A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Blueto2022-05-24
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-03-22
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities2022-02-22
OSV
linux-aws-5.8, linux-azure-5.8, linux-gcp-5.8, linux-oracle-5.8 vulnerabilities2021-08-24
OSV
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities2021-08-24

📋Vendor Advisories

11
Palo Alto
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS2024-02-14
Ubuntu
Linux kernel vulnerabilities2022-03-22
Ubuntu
Linux kernel vulnerabilities2022-02-22
Ubuntu
Linux kernel vulnerabilities2021-08-24
Ubuntu
Linux kernel vulnerabilities2021-08-24
CVE-2021-3564 — Double Free in Debian Linux | cvebase