CVE-2021-3640

HIGH

Linux Kernel < 4.4.293 - Use-After-Free in sco_sock_sendmsg

Title source: llm
STIX 2.1

Description

A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.

References (9)

Core 9
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
Patch, Third Party Advisory x_refsource_misc
https://ubuntu.com/security/CVE-2021-3640
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/07/22/1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2022/dsa-5096
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220419-0003/

Scores

CVSS v3 7.0
EPSS 0.0001
EPSS Percentile 1.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-362 CWE-416
Status published
Products (16)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 21.10
debian/debian_linux 9.0
fedoraproject/fedora 34
linux/linux_kernel < 4.4.293
netapp/h300e_firmware
netapp/h300s_firmware
... and 6 more
Published Mar 03, 2022
Tracked Since Feb 18, 2026