Published: 03/03/2022 Updated: 12/02/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

It exists that the Bluetooth subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-3640) ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel
debian debian linux 9.0
fedoraproject fedora 34
canonical ubuntu linux 18.04
canonical ubuntu linux 14.04
canonical ubuntu linux 20.04
canonical ubuntu linux 16.04
canonical ubuntu linux 21.10
netapp h300s_firmware -
netapp h700s_firmware -
netapp h300e_firmware -
netapp h500e_firmware -
netapp h700e_firmware -
netapp h410s_firmware -
netapp h410c_firmware -
netapp h500s_firmware -

Several security issues were fixed in the Linux kernel ...

A use after free vulnerability has been found in sco_conn_del() in the Bluetooth stack of the Linux kernel, similar to CVE-2021-3573 A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code ...

Several security issues were fixed in the Linux kernel ...

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page A privileged local user could use this flaw to cras ...

Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this updat ...

Synopsis Moderate: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated th ...

A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver) (CVE-2020-27820) A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was ...

Synopsis Important: Red Hat Advanced Cluster Management 263 security update Type/Severity Security Advisory: Important Topic Red Hat Advanced Cluster Management for Kubernetes 263 GeneralAvailability release images, which provide security updates, fix bugs, and update container imagesRed Hat Product Security has rated this update as havi ...

Synopsis Moderate: Openshift Logging 5314 bug fix release and security update Type/Severity Security Advisory: Moderate Topic Openshift Logging Bug Fix Release (5314)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...

Synopsis Moderate: Logging Subsystem 555 - Red Hat OpenShift security update Type/Severity Security Advisory: Moderate Topic Logging Subsystem 555 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi ...

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2020-29374 Jann Horn of Google reported a flaw in Linux's virtual memory management A parent and child process initially share all their memory, but when either writes to a shared page, ...

Hello there, Just like the previous, tedious race condition vulnerability caused by the unexpected locking behavior (CVE-2021-3573), a similar one is found this time =*=*=*=*=*=*=*=*= BUG DETAILS =*=*=*=*=*=*=*=*= We can find another place that uses bh_lock_sock() in the Linux Bluetooth stacks static void sco_conn_del(struct hci_conn *hcon, ...

veracode-container-security-finding-parser Map Vulnerabilities into Different Layers of the Container Image Usage usage: mainpy [-h] [-i INSPECT_FILE] [-s SCAN_FILE] [-d] Example python mainpy Output: Scanned Image: juliantotzek/verademo1-tomcat:latest, Base Image OS Family: centos , Base Image OS Name: 761810 Base Image (based on the first Layer in veracode inspect comman

CWE-362 CWE-416 https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://bugzilla.redhat.com/show_bug.cgi?id=1980646 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 https://www.openwall.com/lists/oss-security/2021/07/22/1 https://ubuntu.com/security/CVE-2021-3640 https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html https://www.debian.org/security/2022/dsa-5096 https://security.netapp.com/advisory/ntap-20220419-0003/https://ubuntu.com/security/notices/USN-5267-1 https://nvd.nist.gov https://ubuntu.com/security/notices/USN-5267-3

Get Started

CVE-2021-3640

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect