Bug 1970807 (CVE-2021-32399) - CVE-2021-32399 kernel: race condition for removal of the HCI controller
Summary: CVE-2021-32399 kernel: race condition for removal of the HCI controller
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-32399
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1972160 1972161 1972162 1972164 1970809 1971454 1971455 1971456 1971457 1971458 1971459 1971460 1971461 1971462 1971463 1971464 1971465 1971466 1971467 1971468 1971469 1971470 1971472 1971473 1971474 1971475 1971476 1971477 1971478 1971488 1971489 1971491 1971492 1972107 1972108 1996072
Blocks: 1970808
Reported: 2021-06-11 09:22 UTC by msiddiqu
Modified: 2022-05-17 08:57 UTC
CC: 61 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel’s handling of the removal of Bluetooth HCI controllers. This flaw allows an attacker with a local account to exploit a race condition, leading to corrupted memory and possible privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-07-20 21:54:47 UTC
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:2714 0 None None None 2021-07-20 22:34:58 UTC
Red Hat Product Errata RHSA-2021:2715 0 None None None 2021-07-20 20:55:16 UTC
Red Hat Product Errata RHSA-2021:2716 0 None None None 2021-07-21 00:14:39 UTC
Red Hat Product Errata RHSA-2021:3173 0 None None None 2021-08-17 08:29:20 UTC
Red Hat Product Errata RHSA-2021:3181 0 None None None 2021-08-17 08:31:30 UTC
Red Hat Product Errata RHSA-2021:3320 0 None None None 2021-08-31 08:24:49 UTC
Red Hat Product Errata RHSA-2021:3321 0 None None None 2021-08-31 08:03:48 UTC
Red Hat Product Errata RHSA-2021:3327 0 None None None 2021-08-31 09:09:09 UTC
Red Hat Product Errata RHSA-2021:3328 0 None None None 2021-08-31 09:09:27 UTC
Red Hat Product Errata RHSA-2021:3363 0 None None None 2021-08-31 09:20:51 UTC
Red Hat Product Errata RHSA-2021:3375 0 None None None 2021-08-31 08:53:33 UTC
Red Hat Product Errata RHSA-2021:3380 0 None None None 2021-08-31 09:04:11 UTC
Red Hat Product Errata RHSA-2021:3381 0 None None None 2021-08-31 09:31:21 UTC
Red Hat Product Errata RHSA-2021:3392 0 None None None 2021-08-31 13:35:09 UTC
Red Hat Product Errata RHSA-2021:3399 0 None None None 2021-08-31 19:45:11 UTC
Red Hat Product Errata RHSA-2021:3477 0 None None None 2021-09-09 09:22:16 UTC
Red Hat Product Errata RHSA-2021:3522 0 None None None 2021-09-14 08:44:32 UTC
Red Hat Product Errata RHSA-2021:3523 0 None None None 2021-09-14 08:45:00 UTC
Red Hat Product Errata RHSA-2021:3725 0 None None None 2021-10-05 07:52:50 UTC
Red Hat Product Errata RHSA-2022:0157 0 None None None 2022-01-18 08:47:44 UTC

Description msiddiqu 2021-06-11 09:22:01 UTC
net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

Upstream commit:

https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80

References:

http://www.openwall.com/lists/oss-security/2021/05/11/2

Comment 1 msiddiqu 2021-06-11 09:23:43 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1970809]

Comment 17 Justin M. Forbes 2021-06-15 15:29:26 UTC
This was fixed for Fedora with the 5.11.21 stable kernel updates.

Comment 19 errata-xmlrpc 2021-07-20 20:55:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2715 https://access.redhat.com/errata/RHSA-2021:2715

Comment 20 Product Security DevOps Team 2021-07-20 21:54:47 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-32399

Comment 21 errata-xmlrpc 2021-07-20 22:34:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2714 https://access.redhat.com/errata/RHSA-2021:2714

Comment 22 errata-xmlrpc 2021-07-21 00:14:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:2716 https://access.redhat.com/errata/RHSA-2021:2716

Comment 23 errata-xmlrpc 2021-08-17 08:29:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3173 https://access.redhat.com/errata/RHSA-2021:3173

Comment 24 errata-xmlrpc 2021-08-17 08:31:24 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2021:3181 https://access.redhat.com/errata/RHSA-2021:3181

Comment 29 errata-xmlrpc 2021-08-31 08:03:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.3 Advanced Update Support

Via RHSA-2021:3321 https://access.redhat.com/errata/RHSA-2021:3321

Comment 30 errata-xmlrpc 2021-08-31 08:24:46 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Advanced Update Support
  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.6 Telco Extended Update Support

Via RHSA-2021:3320 https://access.redhat.com/errata/RHSA-2021:3320

Comment 31 errata-xmlrpc 2021-08-31 08:53:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3375 https://access.redhat.com/errata/RHSA-2021:3375

Comment 32 errata-xmlrpc 2021-08-31 09:04:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3380 https://access.redhat.com/errata/RHSA-2021:3380

Comment 33 errata-xmlrpc 2021-08-31 09:09:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3327 https://access.redhat.com/errata/RHSA-2021:3327

Comment 34 errata-xmlrpc 2021-08-31 09:09:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3328 https://access.redhat.com/errata/RHSA-2021:3328

Comment 35 errata-xmlrpc 2021-08-31 09:20:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2021:3363 https://access.redhat.com/errata/RHSA-2021:3363

Comment 36 errata-xmlrpc 2021-08-31 09:31:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2021:3381 https://access.redhat.com/errata/RHSA-2021:3381

Comment 37 errata-xmlrpc 2021-08-31 13:35:06 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions

Via RHSA-2021:3392 https://access.redhat.com/errata/RHSA-2021:3392

Comment 38 errata-xmlrpc 2021-08-31 19:45:08 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.2 Advanced Update Support

Via RHSA-2021:3399 https://access.redhat.com/errata/RHSA-2021:3399

Comment 40 errata-xmlrpc 2021-09-09 09:22:12 UTC
This issue has been addressed in the following products:

  Red Hat Virtualization 4 for Red Hat Enterprise Linux 7

Via RHSA-2021:3477 https://access.redhat.com/errata/RHSA-2021:3477

Comment 41 errata-xmlrpc 2021-09-14 08:44:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Advanced Update Support
  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
  Red Hat Enterprise Linux 7.7 Telco Extended Update Support

Via RHSA-2021:3522 https://access.redhat.com/errata/RHSA-2021:3522

Comment 42 errata-xmlrpc 2021-09-14 08:44:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions

Via RHSA-2021:3523 https://access.redhat.com/errata/RHSA-2021:3523

Comment 43 errata-xmlrpc 2021-10-05 07:52:47 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Advanced Update Support

Via RHSA-2021:3725 https://access.redhat.com/errata/RHSA-2021:3725

Comment 45 errata-xmlrpc 2022-01-18 08:47:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Extended Lifecycle Support

Via RHSA-2022:0157 https://access.redhat.com/errata/RHSA-2022:0157
