CVE-2021-34981

EPSS 0.01%
Published 07.05.2024 23:15:13
Last modified 14.08.2025 01:42:25
Source zdi-disclosures@trendmicro.com
Teams watchlist Login
Open Login

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 5.10.42

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	7.5	0.8	6	CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

https://www.zerodayinitiative.com/advisories/ZDI-21-1223/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-34981

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-34981

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-34981

EUVD