CVE-2021-3752

CWE-416 — Use After Free CWE-362 — Race Condition17 documents8 sources

Severity

7.1HIGH

EPSS

0.0%

top 86.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Debian Linux Fedoraproject Fedora +8 more

Timeline

PublishedFeb 16

Latest updateJul 13

Description

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages8 packages

▶NVDlinux/linux_kernel2.6.12 — 4.4.293+7

▶Debianlinux< 5.10.84-1+3

▶CVEListV5kernelkernel 5.15.3

▶NVDredhat/3scale2.0

▶NVDredhat/virtualization_host4.0

Also affects: Debian Linux 10.0, 9.0, Enterprise Linux 7.0, 8.0, 7, Fedora 34

Patches

Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

linux-aws vulnerabilities↗2022-07-13

▶

OSV

linux-lts-xenial, linux-kvm vulnerabilities↗2022-07-07

▶

GHSA

GHSA-3f53-58pp-pg79: A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously du↗2022-02-17

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2022-02-17

▶

CVEList

CVE-2021-3752: A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously du↗2022-02-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2022-07-13

▶

Ubuntu

Linux kernel vulnerabilities↗2022-07-07

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2022-02-17

▶

Microsoft

▶

Ubuntu

Linux kernel vulnerabilities↗2022-02-03

▶