Bug 1970807 (CVE-2021-32399)

Summary: CVE-2021-32399 kernel: race condition for removal of the HCI controller
Product: [Other] Security Response Reporter: msiddiqu
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: acaringi, adscvr, airlied, alciregi, asavkov, bhu, bmasney, brdeoliv, bskeggs, chwhite, crwood, dblechte, dfediuck, dhoward, dvlasenk, eedri, fhrbata, fpacheco, gtiwari, hdegoede, hkrzesin, jarodwilson, jeremy, jforbes, jglisse, jlelli, joe.lawrence, jonathan, josef, jpoimboe, jshortt, jstancek, jthierry, jwboyer, kbenoit, kcarcia, kernel-maint, kernel-mgr, kpatch-maint, lgoncalv, linville, masami256, mchehab, mgoldboi, michal.skrivanek, nmurray, nobody, ptalbert, qzhao, rhandlin, rvrbovsk, sbonazzo, sherold, steved, walters, wcosta, williams, wmealing, ycote, yturgema, zhilli
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-20 21:54:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1972160, 1972161, 1972162, 1972164, 1970809, 1971454, 1971455, 1971456, 1971457, 1971458, 1971459, 1971460, 1971461, 1971462, 1971463, 1971464, 1971465, 1971466, 1971467, 1971468, 1971469, 1971470, 1971472, 1971473, 1971474, 1971475, 1971476, 1971477, 1971478, 1971488, 1971489, 1971491, 1971492, 1972107, 1972108, 1996072    
Bug Blocks: 1970808    

Description msiddiqu 2021-06-11 09:22:01 UTC 
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

Upstream commit:
 
https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80

References: 
 
http://www.openwall.com/lists/oss-security/2021/05/11/2
Comment 1 msiddiqu 2021-06-11 09:23:43 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1970809]
Comment 17 Justin M. Forbes 2021-06-15 15:29:26 UTC 
This was fixed for Fedora with the 5.11.21 stable kernel updates.
Comment 19 errata-xmlrpc 2021-07-20 20:55:09 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2715 https://access.redhat.com/errata/RHSA-2021:2715
Comment 20 Product Security DevOps Team 2021-07-20 21:54:47 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32399
Comment 21 errata-xmlrpc 2021-07-20 22:34:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2714 https://access.redhat.com/errata/RHSA-2021:2714
Comment 22 errata-xmlrpc 2021-07-21 00:14:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2716 https://access.redhat.com/errata/RHSA-2021:2716
Comment 23 errata-xmlrpc 2021-08-17 08:29:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3173 https://access.redhat.com/errata/RHSA-2021:3173
Comment 24 errata-xmlrpc 2021-08-17 08:31:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3181 https://access.redhat.com/errata/RHSA-2021:3181
Comment 29 errata-xmlrpc 2021-08-31 08:03:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:3321 https://access.redhat.com/errata/RHSA-2021:3321
Comment 30 errata-xmlrpc 2021-08-31 08:24:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:3320 https://access.redhat.com/errata/RHSA-2021:3320
Comment 31 errata-xmlrpc 2021-08-31 08:53:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3375 https://access.redhat.com/errata/RHSA-2021:3375
Comment 32 errata-xmlrpc 2021-08-31 09:04:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3380 https://access.redhat.com/errata/RHSA-2021:3380
Comment 33 errata-xmlrpc 2021-08-31 09:09:05 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3327 https://access.redhat.com/errata/RHSA-2021:3327
Comment 34 errata-xmlrpc 2021-08-31 09:09:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3328 https://access.redhat.com/errata/RHSA-2021:3328
Comment 35 errata-xmlrpc 2021-08-31 09:20:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3363 https://access.redhat.com/errata/RHSA-2021:3363
Comment 36 errata-xmlrpc 2021-08-31 09:31:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3381 https://access.redhat.com/errata/RHSA-2021:3381
Comment 37 errata-xmlrpc 2021-08-31 13:35:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2021:3392 https://access.redhat.com/errata/RHSA-2021:3392
Comment 38 errata-xmlrpc 2021-08-31 19:45:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:3399 https://access.redhat.com/errata/RHSA-2021:3399
Comment 40 errata-xmlrpc 2021-09-09 09:22:12 UTC 
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477
Comment 41 errata-xmlrpc 2021-09-14 08:44:28 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:3522 https://access.redhat.com/errata/RHSA-2021:3522
Comment 42 errata-xmlrpc 2021-09-14 08:44:57 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2021:3523 https://access.redhat.com/errata/RHSA-2021:3523
Comment 43 errata-xmlrpc 2021-10-05 07:52:47 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2021:3725 https://access.redhat.com/errata/RHSA-2021:3725
Comment 45 errata-xmlrpc 2022-01-18 08:47:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:0157 https://access.redhat.com/errata/RHSA-2022:0157