PT-2021-8009 · Linux+1 · Linux Kernel+1

Published: 2021-05-04 · Updated: 2024-12-10 · CVE-2021-47068

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is a use-after-free bug in the NFC subsystem of the Linux kernel, specifically in the llcp_sock_bind and llcp_sock_connect functions. It can be triggered when the same local is assigned to two different sockets, leading to a potential denial of service or information disclosure. The bug can be exploited by creating two sockets and binding them to the same address, then closing the sockets. The nfc_llcp_local_put function is involved in the issue, and assigning NULL to llcp_sock->local after calling this function can fix the problem.
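The reference-count pattern behind this description, as an added userspace model in C (not kernel code and not part of the original advisory). The `struct local`, `struct sock` and helper names are hypothetical, and the model assumes a socket drops its reference once before it is closed.

```c
#include <stdio.h>

/* Constructed model of the shared "local" object and the sockets that hold it. */
struct local { int refs; int freed; };
struct sock  { struct local *local; };

static struct local *local_get(struct local *l) { l->refs++; return l; }

/* Model of the put: the object is released when the count reaches zero.
 * It is only marked as freed here so the model can inspect it safely. */
static void local_put(struct local *l)
{
    if (l == NULL)
        return;
    if (--l->refs == 0)
        l->freed = 1;
}

/* Drop the socket's reference. clear_ptr == 0 leaves the stale pointer in
 * the socket (the flaw); clear_ptr == 1 sets it to NULL (the fix). */
static void sock_drop_local(struct sock *s, int clear_ptr)
{
    local_put(s->local);
    if (clear_ptr)
        s->local = NULL;
}

/* Close path: releases whatever the socket still points to. */
static void sock_close(struct sock *s) { sock_drop_local(s, 1); }

/* Two sockets share one object. Returns 1 if the object is still alive for
 * the second socket after the first socket has been closed, 0 otherwise. */
static int second_socket_still_valid(int clear_ptr)
{
    struct local shared = { 0, 0 };
    struct sock a = { local_get(&shared) };
    struct sock b = { local_get(&shared) };

    sock_drop_local(&a, clear_ptr); /* assumed early drop of a's reference */
    sock_close(&a);                 /* stale pointer means a second put */
    int ok = !shared.freed && shared.refs == 1;
    sock_close(&b);
    return ok;
}

int main(void)
{
    printf("stale pointer kept: %d\n", second_socket_still_valid(0));
    printf("pointer set to NULL: %d\n", second_socket_still_valid(1));
    return 0;
}
```

With the stale pointer kept, the first socket releases two references and the shared object is gone while the second socket still points to it.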
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Weakness Enumeration

Related Identifiers

BDU:2024-01812
CVE-2021-47068
OPENSUSE-SU-2024_1489-1
SUSE-SU-2024:1454-1
SUSE-SU-2024:1465-1
SUSE-SU-2024:1489-1
SUSE-SU-2024:1643-1
SUSE-SU-2024:1646-1
SUSE-SU-2024:1870-1

Affected Products

Linux Kernel
Suse