Svi
Pretraži prema proizvođaču
Pretraži prema CWE oznaci
O usluzi
Pretplate
Jezik
hr
en
CVE-2021-33034 - CERT CVE
CVE-2021-33034
ID
CVE-2021-33034
Sažetak
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Reference
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3
https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/
CVSS
Base:
4.6
Impact:
6.4
Exploitability:
3.9
Pristup
Vektor
Složenost
Autentikacija
LOCAL
LOW
NONE
Impact
Povjerljivost
Cjelovitost
Dostupnost
PARTIAL
PARTIAL
PARTIAL
CVSS vektor
AV:L/AC:L/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje
07-11-2023 - 03:35
Objavljeno
14-05-2021 - 23:15
