{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-24T14:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"}, {"tags": ["x_refsource_MISC"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, {"name": "[oss-security] 20210824 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-38208", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba", "refsource": "MISC", "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"}, {"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, {"name": "[oss-security] 20210824 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.360Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"}, {"name": "[oss-security] 20210817 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, {"name": "[oss-security] 20210824 Re: Linux kernel: nfc: null ptr dereference in llcp_sock_getname", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-38208", "datePublished": "2021-08-08T19:22:22", "dateReserved": "2021-08-08T00:00:00", "dateUpdated": "2024-08-04T01:37:16.360Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "FF7FC8F9-201D-4170-B56B-EA6E69B1FB1F", "versionEndExcluding": "5.12.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call."}, {"lang": "es", "value": "El archivo net/nfc/llcp_sock.c en el kernel de Linux versiones anteriores a 5.12.10, permite a los usuarios locales no privilegiados causar una denegaci\u00f3n de servicio (desreferencia del puntero NULL y BUG) al hacer una llamada getsockname despu\u00e9s de cierto tipo de fallo de una llamada de enlace"}], "id": "CVE-2021-38208", "lastModified": "2024-11-21T06:16:40.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-08T20:15:07.387", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/17/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/08/24/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: NULL pointer dereference in net/nfc/llcp_sock.c by making a getsockname call after a certain type of failure of a bind call", "id": "1992810", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992810"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-665->CWE-476", "details": ["net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call.", "A flaw was found in the Linux kernels NFC implementation, A NULL pointer dereference and BUG leading to a denial of service can be triggered by a local unprivileged user causing a kernel panic."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-38208", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-38208\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-38208"], "threat_severity": "Moderate"}