CVE-2021-3640
CVSS v3.1
7 (High)
CVSS v2.0
6.9 (Medium)
EPSS
0.04 % (5th)
Affected Products
20
Advisories
45
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2022-03-03 23:15:08
(2 years ago) - Updated Date
-
2023-11-07 03:38:10
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
AND |
|
---|
Configuration #6
AND |
|
---|
Configuration #7
AND |
|
---|
Configuration #8
AND |
|
---|
Configuration #9
AND |
|
---|
Configuration #10
AND |
|
---|
Configuration #11
AND |
|
---|
Configuration #12
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...