Lucene search

K
cvelistRedhatCVELIST:CVE-2021-3640
HistoryMar 03, 2022 - 10:04 p.m.

CVE-2021-3640

2022-03-0322:04:15
CWE-362
redhat
www.cve.org
1
flaw
linux kernel
hci subsystem
use-after-free
uffdio_register
race condition
privileged user
system crash
privilege escalation

AI Score

7.3

Confidence

High

EPSS

0

Percentile

5.1%

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

CNA Affected

[
  {
    "product": "kernel",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above."
      }
    ]
  }
]