Description
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
References (7)
Core 7
Core References
Mailing List, Patch, Vendor Advisory x_refsource_misc
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d
Mailing List, Patch, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/05/11/4
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210625-0007/
Scores
CVSS v3
7.8
EPSS
0.0034
EPSS Percentile
26.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (4)
debian/debian_linux
9.0
fedoraproject/fedora
33
fedoraproject/fedora
34
linux/linux_kernel
< 5.12.4
Published
May 12, 2021
Tracked Since
Feb 18, 2026