CVE-2021-3752
HIGHLinux Kernel 2.6.12-4.4.293 - Use-After-Free via Bluetooth Socket Race Condition
Title source: llmDescription
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References (8)
Core 8
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1999544
Mailing List x_refsource_misc
https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org/
Exploit, Mailing List, Third Party Advisory x_refsource_misc
https://www.openwall.com/lists/oss-security/2021/09/15/4
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2022/dsa-5096
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2022.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220318-0009/
Scores
CVSS v3
7.1
EPSS
0.0004
EPSS Percentile
13.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
CWE-416
Status
published
Products (21)
debian/debian_linux
9.0
debian/debian_linux
10.0
fedoraproject/fedora
34
linux/linux_kernel
2.6.12 - 4.4.293
netapp/h300e_firmware
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500e_firmware
netapp/h500s_firmware
... and 11 more
Published
Feb 16, 2022
Tracked Since
Feb 18, 2026