CVE-2021-33034 - Vulnerability Details

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Linux	Linux Kernel
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Extras Rt Rhel Tus Rhev Hypervisor Rhmt

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
kernel-rt-0:3.10.0-1160.36.2.rt56.1179.el7	cpe:/a:redhat:rhel_extras_rt:7	RHSA-2021:2726	2021-07-21T00:00:00Z
kernel-0:3.10.0-1160.36.2.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:2725	2021-07-21T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:7	RHSA-2021:2727	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.2 Advanced Update Support
kernel-0:3.10.0-327.98.2.el7	cpe:/o:redhat:rhel_aus:7.2	RHSA-2021:2734	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
kernel-0:3.10.0-514.90.2.el7	cpe:/o:redhat:rhel_aus:7.3	RHSA-2021:2733	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
kernel-0:3.10.0-693.90.2.el7	cpe:/o:redhat:rhel_aus:7.4	RHSA-2021:2732	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.4 Telco Extended Update Support
kernel-0:3.10.0-693.90.2.el7	cpe:/o:redhat:rhel_tus:7.4	RHSA-2021:2732	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions
kernel-0:3.10.0-693.90.2.el7	cpe:/o:redhat:rhel_e4s:7.4	RHSA-2021:2732	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
kernel-0:3.10.0-957.78.2.el7	cpe:/o:redhat:rhel_aus:7.6	RHSA-2021:2730	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
kernel-0:3.10.0-957.78.2.el7	cpe:/o:redhat:rhel_tus:7.6	RHSA-2021:2730	2021-07-20T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
kernel-0:3.10.0-957.78.2.el7	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:2730	2021-07-20T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_e4s:7.6	RHSA-2021:2731	2021-07-21T00:00:00Z
Red Hat Enterprise Linux 7.7 Extended Update Support
kernel-0:3.10.0-1062.52.2.el7	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:2728	2021-07-21T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:7.7	RHSA-2021:2729	2021-07-21T00:00:00Z
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-305.7.1.rt7.79.el8_4	cpe:/a:redhat:enterprise_linux:8::nfv	RHSA-2021:2599	2021-06-29T00:00:00Z
kpatch-patch	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:2563	2021-06-29T00:00:00Z
kernel-0:4.18.0-305.7.1.el8_4	cpe:/o:redhat:enterprise_linux:8	RHSA-2021:2570	2021-06-29T00:00:00Z
Red Hat Enterprise Linux 8.1 Extended Update Support
kernel-0:4.18.0-147.51.1.el8_1	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:2666	2021-07-07T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.1	RHSA-2021:2668	2021-07-07T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
kernel-rt-0:4.18.0-193.60.2.rt13.112.el8_2	cpe:/a:redhat:rhel_eus:8.2::nfv	RHSA-2021:2719	2021-07-20T00:00:00Z
kernel-0:4.18.0-193.60.2.el8_2	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:2718	2021-07-20T00:00:00Z
kpatch-patch	cpe:/o:redhat:rhel_eus:8.2	RHSA-2021:2720	2021-07-21T00:00:00Z
Red Hat Migration Toolkit for Containers 1.4
rhmtc/openshift-migration-controller-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-operator-bundle:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-registry-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-ui-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-migration-velero-rhel8:v1.4.6-5	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4	cpe:/a:redhat:rhmt:1.4::el7	RHBA-2021:2854	2021-07-21T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.17-20210713.0.el7_9	cpe:/o:redhat:enterprise_linux:7::hypervisor	RHSA-2021:2737	2021-07-21T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.7-20210715.1.el8_4	cpe:/o:redhat:rhev_hypervisor:4.4::el8	RHSA-2021:2736	2021-07-22T00:00:00Z

References

Link	Providers
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/
https://nvd.nist.gov/vuln/detail/CVE-2021-33034
https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl
https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1
https://www.cve.org/CVERecord?id=CVE-2021-33034

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-05-14T22:57:07

Updated: 2024-08-03T23:42:19.128Z

Reserved: 2021-05-14T00:00:00

Link: CVE-2021-33034

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-14T23:15:09.813

Modified: 2024-11-21T06:08:09.923

Link: CVE-2021-33034

Redhat

Severity : Important

Publid Date: 2021-03-22T00:00:00Z

Links: CVE-2021-33034 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-23T01:07:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}, {"tags": ["x_refsource_MISC"], "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"}, {"name": "FEDORA-2021-bae582b42c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33034", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1", "refsource": "MISC", "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}, {"name": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl", "refsource": "MISC", "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"}, {"name": "FEDORA-2021-bae582b42c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:19.128Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"}, {"name": "FEDORA-2021-bae582b42c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33034", "datePublished": "2021-05-14T22:57:07", "dateReserved": "2021-05-14T00:00:00", "dateUpdated": "2024-08-03T23:42:19.128Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "02E3EF5C-8618-4945-A6A6-D7C1A416754F", "versionEndExcluding": "5.12.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."}, {"lang": "es", "value": "En el kernel de Linux versiones anteriores a 5.12.4, el archivo net/bluetooth/hci_event.c, presenta un uso de la memoria previamente liberada cuando se destruye un hci_chan, tambi\u00e9n se conoce como CID-5c4c8c954409. Esto conlleva a escribir un valor arbitrario"}], "id": "CVE-2021-33034", "lastModified": "2024-11-21T06:08:09.923", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-14T23:15:09.813", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2726", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.36.2.rt56.1179.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2725", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.36.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2727", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2734", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.98.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2733", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.90.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2732", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "kernel-0:3.10.0-693.90.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2732", "cpe": "cpe:/o:redhat:rhel_tus:7.4", "package": "kernel-0:3.10.0-693.90.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Telco Extended Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2732", "cpe": "cpe:/o:redhat:rhel_e4s:7.4", "package": "kernel-0:3.10.0-693.90.2.el7", "product_name": "Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2730", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "kernel-0:3.10.0-957.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2730", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "kernel-0:3.10.0-957.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2730", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kernel-0:3.10.0-957.78.2.el7", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2731", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2728", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "kernel-0:3.10.0-1062.52.2.el7", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2729", "cpe": "cpe:/o:redhat:rhel_eus:7.7", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 7.7 Extended Update Support", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2599", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-305.7.1.rt7.79.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2021:2563", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2021:2570", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-305.7.1.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}, {"advisory": "RHSA-2021:2666", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kernel-0:4.18.0-147.51.1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-07-07T00:00:00Z"}, {"advisory": "RHSA-2021:2668", "cpe": "cpe:/o:redhat:rhel_eus:8.1", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-07-07T00:00:00Z"}, {"advisory": "RHSA-2021:2719", "cpe": "cpe:/a:redhat:rhel_eus:8.2::nfv", "package": "kernel-rt-0:4.18.0-193.60.2.rt13.112.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2718", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kernel-0:4.18.0-193.60.2.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-07-20T00:00:00Z"}, {"advisory": "RHSA-2021:2720", "cpe": "cpe:/o:redhat:rhel_eus:8.2", "package": "kpatch-patch", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-controller-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-log-reader-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-must-gather-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-operator-bundle:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-registry-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-rsync-transfer-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-ui-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8:v1.4.6-3", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-migration-velero-rhel8:v1.4.6-5", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHBA-2021:2854", "cpe": "cpe:/a:redhat:rhmt:1.4::el7", "package": "rhmtc/openshift-velero-plugin-rhel8:v1.4.6-4", "product_name": "Red Hat Migration Toolkit for Containers 1.4", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2737", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "redhat-virtualization-host-0:4.3.17-20210713.0.el7_9", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2021-07-21T00:00:00Z"}, {"advisory": "RHSA-2021:2736", "cpe": "cpe:/o:redhat:rhev_hypervisor:4.4::el8", "impact": "moderate", "package": "redhat-virtualization-host-0:4.4.7-20210715.1.el8_4", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8", "release_date": "2021-07-22T00:00:00Z"}], "bugzilla": {"description": "kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan", "id": "1961305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961305"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.", "A use-after-free flaw was found in hci_send_acl in the bluetooth host controller interface (HCI) in Linux kernel, where a local attacker with an access rights could cause a denial of service problem on the system The issue results from the object hchan, freed in hci_disconn_loglink_complete_evt, yet still used in other places. The highest threat from this vulnerability is to data integrity, confidentiality and system availability."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2021-33034", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "impact": "moderate", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-03-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-33034\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33034\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl\nhttps://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"], "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object