Bug 1999544 (CVE-2021-3752) - CVE-2021-3752 kernel: possible use-after-free in bluetooth module
Summary: CVE-2021-3752 kernel: possible use-after-free in bluetooth module
Keywords:
Status: NEW
Alias: CVE-2021-3752
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2004506 2005687 2005688 2005689 2005690 2005691 2005692
Blocks: 1999567 1999084
TreeView+ depends on / blocked
 
Reported: 2021-08-31 09:15 UTC by Marian Rehak
Modified: 2021-10-07 12:48 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Marian Rehak 2021-08-31 09:15:55 UTC
Use-after-free may allow local user to partially escalate privileges.

Comment 3 Guilherme de Almeida Suckevicz 2021-09-15 13:18:22 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2004506]


Note You need to log in before you can comment on or make changes to this bug.