PT-2021-3669 · Linux+9 · Linux Kernel+9

Lin Horse

·

Published

2021-07-18

·

Updated

2024-06-15

·

CVE-2021-3640

CVSS v3.1

7.0

High

VectorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The issue is related to a use-after-free flaw in the sco sock sendmsg() function of the Linux kernel's HCI subsystem. This flaw can be triggered by a privileged local user through specific system calls, such as ioct UFFDIO REGISTER, which can cause a race condition with the sco conn del() and sco sock sendmsg() calls. This can lead to a controllable faulting memory page. The exploitation of this issue may result in a system crash or allow an attacker to escalate their privileges on the system.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-416

Related Identifiers

ALSA-2022:7444
ALSA-2022:7683
ALSA-2022:7933
ALSA-2022:8267
ALT-PU-2021-3302
ALT-PU-2021-3303
ALT-PU-2021-3304
ALT-PU-2021-3305
ALT-PU-2021-3330
ALT-PU-2021-3333
ALT-PU-2021-3337
ALT-PU-2021-3341
ALT-PU-2021-3358
ALT-PU-2021-3469
ALT-PU-2021-3485
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2021-3660
ALT-PU-2022-1052
ALT-PU-2022-1054
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
ALT-PU-2023-4894
BDU:2021-03902
CESA-2022_7444
CESA-2022_7683
CVE-2021-3640
DLA-2940-1
DLA-2941-1
DSA-5096-1
MGASA-2021-0418
OESA-2021-1336
OPENSUSE-SU-2021:1271-1
OPENSUSE-SU-2021:3179-1
OPENSUSE-SU-2021:3205-1
OPENSUSE-SU-2021:3876-1
OPENSUSE-SU-2021_1271-1
OPENSUSE-SU-2021_3179-1
OPENSUSE-SU-2021_3205-1
OPENSUSE-SU-2021_3876-1
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2022:7444
RHSA-2022:7683
RHSA-2022:7933
RHSA-2022:8267
RHSA-2022_7444
RHSA-2022_7683
RHSA-2022_7933
RHSA-2022_8267
RHSA-2024:0724
RLSA-2022:7444
RLSA-2022:7683
SUSE-SU-2021:14849-1
SUSE-SU-2021:3177-1
SUSE-SU-2021:3178-1
SUSE-SU-2021:3179-1
SUSE-SU-2021:3192-1
SUSE-SU-2021:3205-1
SUSE-SU-2021:3205-2
SUSE-SU-2021:3206-1
SUSE-SU-2021:3207-1
SUSE-SU-2021:3217-1
SUSE-SU-2021:3360-1
SUSE-SU-2021:3361-1
SUSE-SU-2021:3371-1
SUSE-SU-2021:3374-1
SUSE-SU-2021:3401-1
SUSE-SU-2021:3440-1
SUSE-SU-2021:3443-1
SUSE-SU-2021:3459-1
SUSE-SU-2021:3876-1
SUSE-SU-2021:3929-1
SUSE-SU-2021:3935-1
SUSE-SU-2021:3969-1
SUSE-SU-2021:3972-1
SUSE-SU-2021_14849-1
USN-5265-1
USN-5267-1
USN-5267-2
USN-5267-3
USN-5268-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Rocky Linux
Suse
Ubuntu