Vulnerability Details : CVE-2021-3573
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2021-3573
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2021-3573
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
6.4
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.5
|
5.9
|
NIST |
CWE ids for CVE-2021-3573
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: secalert@redhat.com (Primary)
-
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.Assigned by: secalert@redhat.com (Primary)
References for CVE-2021-3573
-
https://bugzilla.redhat.com/show_bug.cgi?id=1966578
1966578 – (CVE-2021-3573) CVE-2021-3573 kernel: use-after-free in function hci_sock_bound_ioctl()Issue Tracking;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2023/07/02/1
oss-security - CVE-2023-3439: Linux MCTP use-after-free in mctp_sendmsg
-
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
kernel/git/bluetooth/bluetooth.git - Bluetooth kernel treePatch;Vendor Advisory
-
https://www.openwall.com/lists/oss-security/2021/06/08/2
oss-security - CVE-2021-3573: UAF in hci_sock_bound_ioctl() functionExploit;Mailing List;Third Party Advisory
Products affected by CVE-2021-3573
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*