{ "threat_severity" : "Important", "public_date" : "2021-03-22T00:00:00Z", "bugzilla" : { "description" : "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan", "id" : "1961305", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1961305" }, "cvss3" : { "cvss3_base_score" : "7.8", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-416", "details" : [ "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.", "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2726", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1160.36.2.rt56.1179.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2725", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1160.36.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2727", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2734", "cpe" : "cpe:/o:redhat:rhel_aus:7.2", "package" : "kernel-0:3.10.0-327.98.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2733", "cpe" : "cpe:/o:redhat:rhel_aus:7.3", "package" : "kernel-0:3.10.0-514.90.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2732", "cpe" : "cpe:/o:redhat:rhel_aus:7.4", "package" : "kernel-0:3.10.0-693.90.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2732", "cpe" : "cpe:/o:redhat:rhel_tus:7.4", "package" : "kernel-0:3.10.0-693.90.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2732", "cpe" : "cpe:/o:redhat:rhel_e4s:7.4", "package" : "kernel-0:3.10.0-693.90.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2730", "cpe" : "cpe:/o:redhat:rhel_aus:7.6", "package" : "kernel-0:3.10.0-957.78.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2730", "cpe" : "cpe:/o:redhat:rhel_tus:7.6", "package" : "kernel-0:3.10.0-957.78.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2730", "cpe" : "cpe:/o:redhat:rhel_e4s:7.6", "package" : "kernel-0:3.10.0-957.78.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2731", "cpe" : "cpe:/o:redhat:rhel_e4s:7.6", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2728", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "kernel-0:3.10.0-1062.52.2.el7" }, { "product_name" : "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2729", "cpe" : "cpe:/o:redhat:rhel_eus:7.7", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-06-29T00:00:00Z", "advisory" : "RHSA-2021:2599", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-305.7.1.rt7.79.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-06-29T00:00:00Z", "advisory" : "RHSA-2021:2563", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-06-29T00:00:00Z", "advisory" : "RHSA-2021:2570", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-305.7.1.el8_4" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2021-07-07T00:00:00Z", "advisory" : "RHSA-2021:2666", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kernel-0:4.18.0-147.51.1.el8_1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2021-07-07T00:00:00Z", "advisory" : "RHSA-2021:2668", "cpe" : "cpe:/o:redhat:rhel_eus:8.1", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2719", "cpe" : "cpe:/a:redhat:rhel_eus:8.2::nfv", "package" : "kernel-rt-0:4.18.0-193.60.2.rt13.112.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-07-20T00:00:00Z", "advisory" : "RHSA-2021:2718", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "kernel-0:4.18.0-193.60.2.el8_2" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2720", "cpe" : "cpe:/o:redhat:rhel_eus:8.2", "package" : "kpatch-patch" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-operator-bundle:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.4", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHBA-2021:2854", "cpe" : "cpe:/a:redhat:rhmt:1.4::el7", "package" : "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2021-07-21T00:00:00Z", "advisory" : "RHSA-2021:2737", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "redhat-virtualization-host-0:4.3.17-20210713.0.el7_9", "impact" : "moderate" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date" : "2021-07-22T00:00:00Z", "advisory" : "RHSA-2021:2736", "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "package" : "redhat-virtualization-host-0:4.4.7-20210715.1.el8_4", "impact" : "moderate" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "impact" : "moderate" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-33034\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33034\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl\nhttps://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1" ], "name" : "CVE-2021-33034", "mitigation" : { "value" : "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.", "lang" : "en:us" }, "csaw" : false }