Bug 2017077 (CVE-2021-34981) - CVE-2021-34981 kernel: Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability
Summary: CVE-2021-34981 kernel: Bluetooth CMTP Module Double Free Privilege Escalation...
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2021-34981
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2017078 2017608 2017609
Blocks: 2017079
TreeView+ depends on / blocked
 
Reported: 2021-10-25 14:53 UTC by Michael Kaplan
Modified: 2022-01-20 06:11 UTC (History)
45 users (show)

Fixed In Version: kernel 5.14rc1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel's CAPI over Bluetooth connection code. An attacker with a local account can escalate privileges when CAPI (ISDN) hardware connection fails.
Clone Of:
Environment:
Last Closed: 2022-01-20 06:11:45 UTC
Embargoed:


Attachments (Terms of Use)

Description Michael Kaplan 2021-10-25 14:53:52 UTC
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.

References:

https://www.zerodayinitiative.com/advisories/ZDI-21-1223/

Comment 1 Michael Kaplan 2021-10-25 14:54:16 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2017078]

Comment 2 Justin M. Forbes 2021-10-25 18:50:30 UTC
This was fixed for Fedora with the 5.12.9 stable kernel updates.


Note You need to log in before you can comment on or make changes to this bug.