Description
A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.
References (6)
Core 6
Core References
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/05/25/1
Exploit, Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/06/01/2
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1964139
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/05/25/1
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
Scores
CVSS v3
5.5
EPSS
0.0048
EPSS Percentile
37.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-415
Status
published
Products (3)
debian/debian_linux
9.0
fedoraproject/fedora
34
linux/linux_kernel
3.13
Published
Jun 08, 2021
Tracked Since
Feb 18, 2026