{ "threat_severity" : "Moderate", "public_date" : "2021-06-08T00:00:00Z", "bugzilla" : { "description" : "kernel: use-after-free in function hci_sock_bound_ioctl()", "id" : "1966578", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1966578" }, "cvss3" : { "cvss3_base_score" : "6.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-788", "details" : [ "A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.", "A flaw use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system." ], "statement" : "This issue is rated as having a Moderate impact because of the privileges (CAP_NET_ADMIN in initial namespace) required for exploiting the issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2022-02-22T00:00:00Z", "advisory" : "RHSA-2022:0622", "cpe" : "cpe:/a:redhat:rhel_extras_rt:7", "package" : "kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2022-02-22T00:00:00Z", "advisory" : "RHSA-2022:0620", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "kernel-0:3.10.0-1160.59.1.el7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-11-09T00:00:00Z", "advisory" : "RHSA-2021:4140", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-348.rt7.130.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-11-09T00:00:00Z", "advisory" : "RHSA-2021:4356", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-348.el8" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-alt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3573\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3573\nhttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52\nhttps://www.openwall.com/lists/oss-security/2021/06/08/2" ], "name" : "CVE-2021-3573", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising easThe required privileges is CAP_NET_ADMIN capabilities. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw reducing its attack space.e of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }