Vulnerability Details : CVE-2021-23134
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2021-23134
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2021-23134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | nvd@nist.gov |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | psirt@paloaltonetworks.com |
CWE ids for CVE-2021-23134
- Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
  Assigned by:
  - nvd@nist.gov (Primary)
  - psirt@paloaltonetworks.com (Secondary)
References for CVE-2021-23134
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
  kernel/git/netdev/net.git - Netdev Group's networking tree (Mailing List; Patch; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
  [SECURITY] [DLA 2690-1] linux-4.19 security update (Mailing List; Third Party Advisory)
- https://www.openwall.com/lists/oss-security/2021/05/11/4
  oss-security - CVE-2021-23134: Linux kernel: UAF in nfc sockets (Mailing List; Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
  [SECURITY] [DLA 2689-1] linux security update (Mailing List; Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20210625-0007/
  CVE-2021-23134 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/
  [SECURITY] Fedora 34 Update: kernel-tools-5.11.20-300.fc34 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/
  [SECURITY] Fedora 33 Update: kernel-5.11.20-200.fc33 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
Products affected by CVE-2021-23134
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*