CVE-2021-33034
kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
En el kernel de Linux versiones anteriores a 5.12.4, el archivo net/bluetooth/hci_event.c, presenta un uso de la memoria previamente liberada cuando se destruye un hci_chan, tambiĆ©n se conoce como CID-5c4c8c954409. Esto conlleva a escribir un valor arbitrario
A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-14 CVE Reserved
- 2021-05-14 CVE Published
- 2023-03-08 First Exploit
- 2024-08-03 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-416: Use After Free
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | Mailing List |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.12.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.12.4" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
|