CVE-2021-47620

Bluetooth: refactor malicious adv data check

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: refactor malicious adv data check

Check for out-of-bound read was being performed at the end of while
num_reports loop, and would fill journal with false positives. Added
check to beginning of loop processing so that it doesn't get checked
after ptr has been advanced.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: refactorización de verificación de datos publicitarios maliciosos. Se estaba realizando una verificación de lectura fuera de los límites al final del bucle while num_reports y llenaría el diario con falsos positivos. Se agregó una verificación al comienzo del procesamiento del bucle para que no se verifique después de que se haya avanzado ptr.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-06-20 CVE Reserved
2024-06-20 CVE Published
2024-06-21 EPSS Updated
2024-11-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/305e92f525450f3e1b5f5c9dc7eadb152d66a082	2022-02-03
https://git.kernel.org/stable/c/7889b38a7f21ed19314f83194622b195d328465c	2022-02-08
https://git.kernel.org/stable/c/5a539c08d743d9910631448da78af5e961664c0e	2022-02-08
https://git.kernel.org/stable/c/8819f93cd4a443dfe547aa622b21f723757df3fb	2022-02-08
https://git.kernel.org/stable/c/835d3706852537bf92eb23eb8635b8dee0c0aa67	2022-02-01
https://git.kernel.org/stable/c/83d5196b65d1b29e27d7dd16a3b9b439fb1d2dba	2022-02-01
https://git.kernel.org/stable/c/bcea886771c3f22a590c8c8b9139a107bd7f1e1c	2022-02-01
https://git.kernel.org/stable/c/5c968affa804ba98c3c603f37ffea6fba618025e	2022-02-01
https://git.kernel.org/stable/c/899663be5e75dc0174dc8bda0b5e6826edf0b29a	2021-11-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.4.302 Search vendor "Linux" for product "Linux Kernel" and version " < 4.4.302"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.9.300 Search vendor "Linux" for product "Linux Kernel" and version " < 4.9.300"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.14.265 Search vendor "Linux" for product "Linux Kernel" and version " < 4.14.265"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 4.19.228 Search vendor "Linux" for product "Linux Kernel" and version " < 4.19.228"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.4.176 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4.176"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.10.96 Search vendor "Linux" for product "Linux Kernel" and version " < 5.10.96"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.15.19 Search vendor "Linux" for product "Linux Kernel" and version " < 5.15.19"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.16.5 Search vendor "Linux" for product "Linux Kernel" and version " < 5.16.5"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 5.17 Search vendor "Linux" for product "Linux Kernel" and version " < 5.17"		en		Affected