{
  "threat_severity" : "Moderate",
  "public_date" : "2021-09-14T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: possible use-after-free in bluetooth module",
    "id" : "1999544",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1999544"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability." ],
  "statement" : "This issue is rated as having Moderate impact because Only local users with privileges to access the sock_dgram Bluetooth socket can trigger this issue.",
  "acknowledgement" : "Red Hat would like to thank Likang Luo (NSFOCUS Security Team) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-02-22T00:00:00Z",
    "advisory" : "RHSA-2022:0622",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2022-02-22T00:00:00Z",
    "advisory" : "RHSA-2022:0620",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-1160.59.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1975",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-372.9.1.rt7.166.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-05-10T00:00:00Z",
    "advisory" : "RHSA-2022:1988",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-372.9.1.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-3752\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3752\nhttps://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/\nhttps://www.openwall.com/lists/oss-security/2021/09/15/4" ],
  "name" : "CVE-2021-3752",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931",
    "lang" : "en:us"
  },
  "csaw" : false
}