Double Free in Linux kernel - CVE-2021-3564
Published: May 25, 2022 / Updated: May 25, 2022
Linux kernel
Linux Foundation
Description
The vulnerability allows a local attacker to perform a denial of service attack.
The vulnerability exists because the Bluetooth subsystem in the Linux kernel does not properly handle HCI device detach events. An attacker with physical access to the system can trigger a double free error and perform a denial of service attack.
Remediation
External links
- https://bugzilla.redhat.com/show_bug.cgi?id=1964139
- http://www.openwall.com/lists/oss-security/2021/06/01/2
- http://www.openwall.com/lists/oss-security/2021/05/25/1
- https://www.openwall.com/lists/oss-security/2021/05/25/1
- https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html