CVE-2021-3573

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Published: Aug 13, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3573
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	5.13-rc1	5.13-rc1.x
linux / linux_kernel	5.13-rc2	5.13-rc2.x
linux / linux_kernel	5.13-rc3	5.13-rc3.x
linux / linux_kernel	-	5.13
linux / linux_kernel	5.13-rc4	5.13-rc4.x
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
fedoraproject / fedora	34	34.x

Vulnerability Database

289,782

CVE-2021-3573