
CVE-2021-3573

Published: 13/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 6.4 | Impact Score: 5.9 | Exploitability Score: 0.5
VMScore: 616
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), or hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions before 5.13-rc5.

Vulnerable Product

linux linux kernel 5.13

linux linux kernel

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

fedoraproject fedora 34

Vendor Advisories

Several security issues were fixed in the Linux kernel ...
Synopsis: Important: kernel-rt security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this upd ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis: Moderate: Red Hat Advanced Cluster Management 2211 security updates and bug fixes. Type/Severity: Security Advisory: Moderate. Topic: Red Hat Advanced Cluster Management for Kubernetes 2211 General Availability release images, which provide one or more container updates and bug fixes. Red Hat Product Security has rated this update as ...
A use-after-free flaw in the Linux kernel HCI subsystem was found in the way a user detaches a Bluetooth dongle or otherwise triggers an unregister Bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system ...
A flaw was found in the Linux kernel's implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to another device (CVE-2020-24586). A flaw was found in the Linux kernel ...
A vulnerability was found in bluez, where the Passkey Entry protocol used in Secure Simple Pairing (SSP), Secure Connections (SC) and LE Secure Connections (LESC) of the Bluetooth Core Specification is vulnerable to an impersonation attack where an active attacker can impersonate the initiating device without any previous knowledge (CVE-2020-26558 ...
A use-after-free vulnerability has been found in the hci_sock_bound_ioctl() function of the Linux kernel. It can allow attackers to corrupt kernel heaps (kmalloc-8k to be specific) and adopt further exploitations ...

Mailing Lists

Hello there, Just like the previous, tedious race condition vulnerability caused by the unexpected locking behavior (CVE-2021-3573), a similar one is found this time. =*=*=*=*=*=*=*=*= BUG DETAILS =*=*=*=*=*=*=*=*= We can find another place that uses bh_lock_sock() in the Linux Bluetooth stacks: static void sco_conn_del(struct hci_conn *hcon, ...
Hello there, Our team (BlockSec) found a UAF vulnerability in function hci_sock_bound_ioctl(). It can allow attackers to corrupt kernel heaps (kmalloc-8k to be specific) and adopt further exploitations. =*=*=*=*=*=*=*=*= BUG DETAILS =*=*=*=*=*=*=*=*= The hci_sock_bound_ioctl() function is in charge of five HCI commands. /* Ioctls that req ...