Bug 1964139 (CVE-2021-3564) - CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device initialization fails
Summary: CVE-2021-3564 kernel: double free in bluetooth subsystem when the HCI device ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-3564
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1964782 1964783 1964784 1964785 1964449 1964556 1964557 1964558 1964559 1964560 1967263
Blocks: 1962167 1964142
TreeView+ depends on / blocked
 
Reported: 2021-05-24 19:31 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-04-17 21:40 UTC (History)
43 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system.
Clone Of:
Environment:
Last Closed: 2021-11-09 21:22:50 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2022:0679 0 None None None 2022-02-24 20:40:45 UTC
Red Hat Product Errata RHBA-2022:0690 0 None None None 2022-02-28 14:16:34 UTC
Red Hat Product Errata RHBA-2022:0740 0 None None None 2022-03-03 15:57:51 UTC
Red Hat Product Errata RHSA-2021:4140 0 None None None 2021-11-09 17:23:29 UTC
Red Hat Product Errata RHSA-2021:4356 0 None None None 2021-11-09 18:26:59 UTC
Red Hat Product Errata RHSA-2022:0620 0 None None None 2022-02-22 16:57:54 UTC
Red Hat Product Errata RHSA-2022:0622 0 None None None 2022-02-22 17:00:33 UTC

Description Guilherme de Almeida Suckevicz 2021-05-24 19:31:59 UTC 
A flaw was found in the Linux kernel in the BlueTooth subsystem when the HCI device initialization fails. It can lead to unexpected results, like double-free memory corruption vulnerability.
Comment 1 Guilherme de Almeida Suckevicz 2021-05-25 13:51:58 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1964449]
Comment 17 Justin M. Forbes 2021-06-29 16:23:32 UTC 
This was fixed for Fedora with the 5.12.10 stable kernel updates.
Comment 19 errata-xmlrpc 2021-11-09 17:23:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4140 https://access.redhat.com/errata/RHSA-2021:4140
Comment 20 errata-xmlrpc 2021-11-09 18:26:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2021:4356 https://access.redhat.com/errata/RHSA-2021:4356
Comment 21 Product Security DevOps Team 2021-11-09 21:22:46 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-3564
Comment 22 errata-xmlrpc 2022-02-22 16:57:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0620 https://access.redhat.com/errata/RHSA-2022:0620
Comment 23 errata-xmlrpc 2022-02-22 17:00:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2022:0622 https://access.redhat.com/errata/RHSA-2022:0622
Note You need to log in before you can comment on or make changes to this bug.