CVE-2021-3573 — Race Condition in Kernel
CWE-362 — Race ConditionCWE-788 — Access of Memory Location After End of Buffer21 documents9 sources
Severity
6.4MEDIUMNVD
OSV7.8OSV5.5OSV4.2
EPSS
0.0%
top 91.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 13
Latest updateSep 24
Description
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-r…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9
Affected Packages7 packages
Also affects: Enterprise Linux 6.0, 7.0, 8.0, Fedora 34
Patches
🔴Vulnerability Details
10GHSA▶
GHSA-73pg-2qfc-2cfm: A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way↗2022-05-24
OSV▶
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities↗2021-08-24
OSV▶
linux, linux-aws, linux-azure, linux-gcp, linux-hwe-5.11, linux-kvm, linux-oracle, linux-raspi vulnerabilities↗2021-08-18
📋Vendor Advisories
9📄Research Papers
1arXiv
▶