5.5

CVE-2021-3564

Exploit
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.13
FedoraprojectFedora Version34
DebianDebian Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.383
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-415 Double Free

The product calls free() twice on the same memory address.

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/25/1
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2021/06/01/2
Exploit
Mailing List
https://bugzilla.redhat.com/show_bug.cgi?id=1964139
Third Party Advisory
Issue Tracking
https://www.openwall.com/lists/oss-security/2021/05/25/1
Third Party Advisory
Exploit
Mailing List