CVE-2021-47620

MEDIUM

Linux Kernel < 4.4.302 - Out-of-bounds Read in Bluetooth Advertisement Data Processing

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: refactor malicious adv data check

Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop processing so that it doesn't get checked after ptr has been advanced.
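A simplified model of the check placement the description refers to, as an added example that is not the kernel's code or the upstream patch: the report layout, function names and sample bytes are constructed for illustration. It shows the end-of-loop check warning on a well-formed buffer, while the start-of-loop check warns only when another report would be read past the end.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed report layout (an assumption, not the kernel's struct):
 * one length byte, `length` data bytes, one trailing RSSI byte. */
#define HDR_LEN 1
#define RSSI_LEN 1
struct result { int parsed; int warnings; };
/* Constructed sample: two well-formed reports, 7 bytes in total. */
const uint8_t SAMPLE[] = {2, 0xAA, 0xBB, 0xC5, 1, 0xCC, 0xC4};

/* Check at the END of the iteration, after the offset has advanced. After
 * the last valid report the offset equals len, so the check fires although
 * nothing further would be read: a false positive. */
struct result parse_check_at_end(const uint8_t *buf, size_t len, int num_reports)
{
    struct result r = {0, 0};
    size_t off = 0;
    while (len >= HDR_LEN && num_reports-- > 0) {
        size_t next = off + HDR_LEN + buf[off] + RSSI_LEN;
        if (next <= len)
            r.parsed++;            /* data and RSSI lie inside the buffer */
        off = next;
        if (off + HDR_LEN > len) { /* no room for another header */
            r.warnings++;
            break;
        }
    }
    return r;
}

/* Same check at the START of the iteration: it runs only when another
 * report is about to be read, before its header is touched. */
struct result parse_check_at_start(const uint8_t *buf, size_t len, int num_reports)
{
    struct result r = {0, 0};
    size_t off = 0;
    while (num_reports-- > 0) {
        if (off + HDR_LEN > len) { /* header would be out of bounds */
            r.warnings++;
            break;
        }
        size_t next = off + HDR_LEN + buf[off] + RSSI_LEN;
        if (next <= len)
            r.parsed++;            /* otherwise the report is dropped */
        off = next;
    }
    return r;
}
```

With the check at the end, a clean two-report buffer and one whose report count claims a third report produce the same warning; with the check at the start, only the second case does.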

Scores

CVSS v3 5.5
EPSS 0.0022
EPSS Percentile 12.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (18)
Linux/Linux 048acfa4daf167b007b6bd8bef474e90c2282a5f - 305e92f525450f3e1b5f5c9dc7eadb152d66a082
Linux/Linux 185c77cbb53bc7481acc5a0b4e6119bbe393d561 - 5a539c08d743d9910631448da78af5e961664c0e
Linux/Linux 24161b9c43de966789d5956428f45002d10f878e - 835d3706852537bf92eb23eb8635b8dee0c0aa67
Linux/Linux 2de0e6a71ceb056e17e4684dce8b7640367996f9 - bcea886771c3f22a590c8c8b9139a107bd7f1e1c
Linux/Linux 3a56ef719f0b9682afb8a86d64b2399e36faa4e6 - 899663be5e75dc0174dc8bda0b5e6826edf0b29a
Linux/Linux 4.14.263 - 4.14.265
Linux/Linux 4.19.226 - 4.19.228
Linux/Linux 4.4.300 - 4.4.302
Linux/Linux 4.9.298 - 4.9.300
Linux/Linux 4a1491432394b22e585a185ffca49086e4046aae - 8819f93cd4a443dfe547aa622b21f723757df3fb
... and 8 more
Published Jun 20, 2024
Tracked Since Feb 18, 2026