CVE-2021-3573

CVSS v3.1 6.4 (Medium)
CVSS v2.0 6.9 (Medium)
EPSS 0.04 % (5th)
Affected Products 3
Advisories 40

A use-after-free in the function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way a user calls the ioctl HCIUNBLOCKADDR, or otherwise triggers a race condition between the call hci_unregister_dev() and one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), or hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.13-rc5.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2021-08-13 14:15:07
(3 years ago)
Updated Date
2023-11-07 03:38:07
(10 months ago)

Affected Products


Configuration #1

  Product                          CPE23                                  From  Up To
  Linux Kernel prior 5.13 version  cpe:2.3:o:linux:linux_kernel                 < 5.13
  Linux Kernel 5.13 Rc1            cpe:2.3:o:linux:linux_kernel:5.13:rc1
  Linux Kernel 5.13 Rc2            cpe:2.3:o:linux:linux_kernel:5.13:rc2
  Linux Kernel 5.13 Rc3            cpe:2.3:o:linux:linux_kernel:5.13:rc3
  Linux Kernel 5.13 Rc4            cpe:2.3:o:linux:linux_kernel:5.13:rc4

Configuration #2

  Product                      CPE23                              From  Up To
  Redhat Enterprise Linux 6.0  cpe:2.3:o:redhat:enterprise_linux:6.0
  Redhat Enterprise Linux 7.0  cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux 8.0  cpe:2.3:o:redhat:enterprise_linux:8.0

Configuration #3

  Product                  CPE23                              From  Up To
  Fedoraproject Fedora 34  cpe:2.3:o:fedoraproject:fedora:34