Bug 2017077 (CVE-2021-34981)

Summary: CVE-2021-34981 kernel: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
Product: [Other] Security Response
Reporter: Michael Kaplan <mkaplan>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NEXTRELEASE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: acaringi, adscvr, airlied, alciregi, bdettelb, bhu, brdeoliv, bskeggs, chwhite, crwood, dhoward, dvlasenk, fhrbata, fpacheco, gtiwari, hdegoede, hkrzesin, jarod, jarodwilson, jburrell, jeremy, jforbes, jglisse, jlelli, jonathan, josef, jshortt, jstancek, jwboyer, kcarcia, kernel-maint, kernel-mgr, lgoncalv, linville, masami256, mchehab, nmurray, ptalbert, qzhao, rvrbovsk, steved, vkumar, walters, williams, wmealing
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: kernel 5.14rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when a CAPI (ISDN) hardware connection fails.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-01-20 06:11:45 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2017078, 2017608, 2017609
Bug Blocks: 2017079

Description Michael Kaplan 2021-10-25 14:53:52 UTC
This vulnerability allows local attackers to escalate privileges on affected installations of the Linux kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

References:

https://www.zerodayinitiative.com/advisories/ZDI-21-1223/

Comment 1 Michael Kaplan 2021-10-25 14:54:16 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2017078]

Comment 2 Justin M. Forbes 2021-10-25 18:50:30 UTC
This was fixed for Fedora with the 5.12.9 stable kernel updates.