CVE-2021-23134

HIGH

Linux Kernel <5.12.4 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

References (7)

Core 7
Core References
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/05/11/4
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210625-0007/

Scores

CVSS v3 7.8
EPSS 0.0034
EPSS Percentile 26.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (4)
debian/debian_linux 9.0
fedoraproject/fedora 33
fedoraproject/fedora 34
linux/linux_kernel < 5.12.4
Published May 12, 2021
Tracked Since Feb 18, 2026