CVE-2021-3573

MEDIUM Year: 2021
CVSS v3 Score
6.4
Medium
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

Related Vulnerabilities

CVE-2015-8511

MEDIUM
CVSS:6.4(Medium)

Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.

CWE-3622015

CVE-2016-9962

MEDIUM
CVSS:6.4(Medium)

RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-des...

CWE-3622016

CVE-2017-1000367

MEDIUM
CVSS:6.4(Medium)

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CWE-3622017

CVE-2018-9519

MEDIUM
CVSS:6.4(Medium)

In easelcomm_hw_build_scatterlist, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System privileges required. User interaction i...

CWE-3622018

CVE-2019-2188

MEDIUM
CVSS:6.4(Medium)

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

CWE-3622019

CVE-2019-2189

MEDIUM
CVSS:6.4(Medium)

In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede...

CWE-3622019