PT-2021-7413 · Bluez+9

Vudentz · Published 2021-08-31 · Updated 2025-11-04 · CVE-2021-41229

CVSS v2.0: 6.1 Medium

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

BlueZ (affected versions not specified)

Description

A memory leak exists in the `sdp_cstate_alloc_buf` function of BlueZ, the Bluetooth protocol stack for Linux. The memory this function allocates stays attached to the singly linked list of cstates and is never freed, so memory leaks over time. An attacker can exploit this by continuously sending SDP packets; because the leaked objects are large, this can crash the service on the target device.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2022:2081
ALT-PU-2021-2665
ALT-PU-2021-3492
BDU:2022-06043
CESA-2022_2081
CVE-2021-41229
DLA-2827-1
DLA-3157-1
DLA-3879-1
GHSA-3FQG-R8J5-F5XQ
MGASA-2021-0532
OESA-2022-1763
OPENSUSE-SU-2023_3238-1
RHSA-2022:2081
RHSA-2022_2081
RLSA-2022:2081
SUSE-SU-2023:3238-1
SUSE-SU-2023:3240-1
SUSE-SU-2023:3689-1
SUSE-SU-2023_3238-1
SUSE-SU-2023_3689-1
SUSE-SU-2024:0166-1
SUSE-SU-2024:0167-1
SUSE-SU-2024_0166-1
SUSE-SU-2024_0167-1
USN-5155-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Bluez
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu