CVE-2021-4202: Race Condition in Kernel

Severity

7.0 HIGH (NVD)
OSV 7.8, OSV 4.7

EPSS: 0.1% (top 76.45%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline

Published: Mar 25
Latest update: Jul 13

Description

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 | Impact: 5.9

Affected Packages (11 packages)

NVD: linux/linux_kernel 3.24.4.294+6
Debian: linux/linux_kernel < 5.10.84-1+3
Ubuntu: linux/linux_kernel < 4.15.0-169.177+2
CVEListV5: linux/linux_kernel kernel 5.16 rc2
debian: debian/linux < linux 5.15.5-1 (bookworm)

Patches

Vulnerability Details (10)

OSV: linux-aws vulnerabilities (2022-07-13)
OSV: linux-lts-xenial, linux-kvm vulnerabilities (2022-07-07)
OSV: linux, linux-aws vulnerabilities (2022-07-01)
GHSA: GHSA-gqgp-hh7h-fh5j: A use-after-free flaw was found in nci_request in net/nfc/nci/core (2022-03-26)
OSV: CVE-2021-4202: A use-after-free flaw was found in nci_request in net/nfc/nci/core (2022-03-25)

Vendor Advisories (11)

Ubuntu: Linux kernel (AWS) vulnerabilities (2022-07-13)
Ubuntu: Linux kernel vulnerabilities (2022-07-07)
Ubuntu: Linux kernel vulnerabilities (2022-07-01)
Microsoft: A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data (2022-03-08)
Ubuntu: Linux kernel vulnerabilities (2022-02-22)