Double Free in Linux kernel - CVE-2021-3564


Published: May 25, 2022 / Updated: May 25, 2022


Vulnerability identifier: #VU63660
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-3564
CWE-ID: CWE-415
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists because the Bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger a double free error and perform a denial of service attack.
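To illustrate the weakness class this advisory is filed under (CWE-415, double free on a device-detach path) and the usual defensive pattern, here is an added C example. It is not kernel code and not the Linux Bluetooth stack; `struct demo_dev`, `demo_detach_unsafe`, `demo_detach_safe` and the other names are hypothetical stand-ins constructed for this example. The point shown is the mitigation: teardown must be idempotent, so a second detach event for the same object releases nothing instead of freeing memory twice.

```c
#include <stdlib.h>
#include <stdbool.h>
#include <errno.h>
#include <stdio.h>

/* Hypothetical driver-private object (constructed for this example,
 * NOT the kernel's hci_dev). */
struct demo_dev {
    char *rx_buf;    /* resource released when the device detaches */
    bool  detached;  /* set once the first detach has run */
};

struct demo_dev *demo_dev_alloc(size_t buf_len)
{
    struct demo_dev *d = calloc(1, sizeof *d);
    if (!d)
        return NULL;
    d->rx_buf = malloc(buf_len);
    if (!d->rx_buf) {
        free(d);
        return NULL;
    }
    return d;
}

/* Vulnerable pattern (CWE-415): every detach event frees rx_buf
 * unconditionally.  If two detach events are delivered for one
 * device, the second call frees memory that is already free.
 * Never call this twice on the same object. */
void demo_detach_unsafe(struct demo_dev *d)
{
    free(d->rx_buf);
}

/* Hardened pattern: detach is idempotent.  The first call releases the
 * buffer, clears the dangling pointer and records the state change;
 * any later call is refused without touching memory. */
int demo_detach_safe(struct demo_dev *d)
{
    if (d->detached)
        return -EALREADY;   /* duplicate event: nothing freed */
    free(d->rx_buf);
    d->rx_buf = NULL;       /* free(NULL) is a no-op if reached again */
    d->detached = true;
    return 0;
}

/* Delivers n detach events to one device and returns how many of them
 * actually released the buffer.  With the safe path this is at most 1. */
int demo_deliver_detach_events(struct demo_dev *d, int n)
{
    int released = 0;
    for (int i = 0; i < n; i++)
        if (demo_detach_safe(d) == 0)
            released++;
    return released;
}

void demo_dev_free(struct demo_dev *d)
{
    if (!d)
        return;
    free(d->rx_buf);   /* NULL after a safe detach, so harmless */
    free(d);
}

int main(void)
{
    struct demo_dev *d = demo_dev_alloc(64);
    if (!d)
        return 1;
    /* Simulate three detach events racing in for the same device. */
    int released = demo_deliver_detach_events(d, 3);
    printf("events delivered: 3, buffers released: %d\n", released);
    demo_dev_free(d);
    return 0;
}
```

The guard flag is the essential part: when several code paths (timers, work items, notifier callbacks) can each observe the same detach, a teardown routine that is not idempotent turns an ordinary race into a double free. In a concurrent setting the flag test-and-set would also need to be done under the object's lock or with an atomic exchange.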


How to mitigate CVE-2021-3564

Install updates from vendor's website.

Sources