CVE-2021-3573

Published: Aug 13, 2021Modified: Nov 21, 2024

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: NVD

Description

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Affected (9)

Products: Linux: Linux Kernel · Redhat: Enterprise Linux · Fedoraproject: Fedora

1 product

1 product

Enterprise Linux

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Before 5.13
Linux Linux Kernel	Version 5.13 rc1
Linux Linux Kernel	Version 5.13 rc2
Linux Linux Kernel	Version 5.13 rc3
Linux Linux Kernel	Version 5.13 rc4

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (8)

http://www.openwall.com/lists/oss-security/2023/07/02/1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1966578

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52

Source: secalert@redhat.com

PatchVendor Advisory

https://www.openwall.com/lists/oss-security/2021/06/08/2

Source: secalert@redhat.com

ExploitMailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2023/07/02/1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1966578

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.openwall.com/lists/oss-security/2021/06/08/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

Timeline

No history available yet.