Vulnerability Details : CVE-2021-32399

net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller.

Published 2021-05-10 22:15:06

Updated 2022-05-13 20:53:51

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-32399

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 32 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-32399

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	[email protected]
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	[email protected]
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-32399

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: [email protected] (Primary)

References for CVE-2021-32399

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80

Mailing List;Patch;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80

Patch;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

Mailing List;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20210622-0006/

Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/2

Exploit;Mailing List;Patch;Third Party Advisory

Products affected by CVE-2021-32399

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions up to, including, (<=) 5.12.2
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Netapp » Cloud Backup » Version: N/A
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Matching versions
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H300e Firmware » Version: N/A
cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300e » Version: N/A
Netapp » H500e Firmware » Version: N/A
cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500e » Version: N/A
Netapp » H700e Firmware » Version: N/A
cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700e » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A
Netapp » Solidfire Baseboard Management Controller Firmware » Version: N/A
cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » Solidfire Baseboard Management Controller » Version: N/A