CVE-2021-3640
Published on: Not Yet Published
Last Modified on: 02/12/2023 11:41:00 PM UTC
Certain versions of Ubuntu Linux from Canonical contain the following vulnerability:
A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
- CVE-2021-3640 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | HIGH | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.9 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | MEDIUM | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| COMPLETE | COMPLETE | COMPLETE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Red Hat Customer Portal - Access to 24x7 support and knowledge | access.redhat.com text/html |
MISC access.redhat.com/security/cve/CVE-2021-3640 |
| [SECURITY] [DLA 2941-1] linux-4.19 security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update |
| [SECURITY] [DLA 2940-1] linux security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update |
| kernel/git/torvalds/linux.git - Linux kernel source tree | git.kernel.org text/html |
MISC git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951 |
| LKML: Takashi Iwai: [PATCH] Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() | lkml.org text/xml |
MISC lkml.org/lkml/2021/8/28/238 |
| CVE-2021-3640 | Ubuntu | ubuntu.com text/html |
MISC ubuntu.com/security/CVE-2021-3640 |
| 1980646 – (CVE-2021-3640) CVE-2021-3640 kernel: use-after-free vulnerability in function sco_sock_sendmsg() | bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=1980646 |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | access.redhat.com text/html |
MISC access.redhat.com/errata/RHSA-2022:7933 |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | access.redhat.com text/html |
MISC access.redhat.com/errata/RHSA-2022:8267 |
| oss-security - CVE-2021-3640: Linux kernel: UAF in sco_send_frame function | www.openwall.com text/html |
MISC www.openwall.com/lists/oss-security/2021/07/22/1 |
| February 2022 Linux Kernel 5.15.2 Vulnerabilities in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20220419-0003/ |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | access.redhat.com text/html |
MISC access.redhat.com/errata/RHSA-2022:7444 |
| Debian -- Security Information -- DSA-5096-1 linux | www.debian.org Depreciated Link text/html |
DEBIAN DSA-5096 |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | access.redhat.com text/html |
MISC access.redhat.com/errata/RHSA-2022:7683 |
| Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() · torvalds/[email protected] · GitHub | github.com text/html |
MISC github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951 |
Related QID Numbers
- 159641 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9147)
- 159642 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9148)
- 160210 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-7683)
- 160270 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-8267)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179118 Debian Security Update for linux (DLA 2940-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 179745 Debian Security Update for linux (CVE-2021-3640)
- 198653 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5265-1)
- 198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
- 198656 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5267-1)
- 198666 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5267-3)
- 240815 Red Hat Update for kernel-rt (RHSA-2022:7444)
- 240817 Red Hat Update for kernel security (RHSA-2022:7683)
- 240869 Red Hat Update for kernel-rt (RHSA-2022:7933)
- 240904 Red Hat Update for kernel security (RHSA-2022:8267)
- 353079 Amazon Linux Security Advisory for kernel : ALAS2-2021-1727
- 353141 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.4-2022-010
- 353152 Amazon Linux Security Advisory for kernel : ALAS2KERNEL-5.10-2022-008
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 751137 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1271-1)
- 751155 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3192-1)
- 751160 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3179-1)
- 751163 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3206-1)
- 751170 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3205-1)
- 751238 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (SUSE-SU-2021:3459-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
- 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
- 900752 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8987)
- 906157 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8987-1)
- 940732 AlmaLinux Security Update for kernel (ALSA-2022:7683)
- 940766 AlmaLinux Security Update for kernel-rt (ALSA-2022:7444)
- 940798 AlmaLinux Security Update for kernel (ALSA-2022:8267)
- 940843 AlmaLinux Security Update for kernel-rt (ALSA-2022:7933)
- 960176 Rocky Linux Security Update for kernel-rt (RLSA-2022:7444)
- 960184 Rocky Linux Security Update for kernel (RLSA-2022:7683)
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 18.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 20.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 21.10 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Application | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Hardware
| Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware
| Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware
| Netapp | H410c | - | All | All | All |
| Operating System | Netapp | H410c Firmware | - | All | All | All |
| Hardware
| Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware
| Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware
| Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware
| Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware
| Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*:
- cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*:
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @oss_security |
CVE-2021-3640: Linux kernel: UAF in sco_send_frame function: Posted by Lin Horse on Jul 22Hello there, Just like th… twitter.com/i/web/status/1… | 2021-07-22 13:38:03 |
| @masami256 |
CVE-2021-3640はまだmainlineに修正入ってないんだな。 | 2021-07-26 01:22:06 |
| @linuxlkml |
#kernel CVE-2021-3640 and the unlimited block of lock_sock() spinics.net/lists/kernel/m… | 2021-08-20 01:13:10 |
| @linuxlkml |
#kernel Re: CVE-2021-3640 and the unlimited block of lock_sock() spinics.net/lists/kernel/m… | 2021-08-26 13:13:07 |
| @linuxlkml |
#kernel Re: CVE-2021-3640 and the unlimited block of lock_sock() spinics.net/lists/kernel/m… | 2021-08-27 02:37:11 |
| @linuxlkml |
#kernel Re: CVE-2021-3640 and the unlimited block of lock_sock() spinics.net/lists/kernel/m… | 2021-08-28 16:13:09 |
| @management_sun |
IT Risk: SUSE.linux kernelに複数の脆弱性 -4/4 CVE-2021-3653 CVE-2021-3640 CVE-2021-3542 CVE-2021-0941 CVE-2020-14305 CVE-2… twitter.com/i/web/status/1… | 2021-12-06 23:46:01 |
| @management_sun |
IT Risk: SUSE.Multiple vulnerabilities in the Linux Kernel -4/4 CVE-2021-3640 CVE-2021-3542 CVE-2021-0941 CVE-2020-… twitter.com/i/web/status/1… | 2021-12-08 23:46:38 |
| @softek_jp |
Linux Kernel の Bluetooth HCI の処理に特権を奪われる問題 (CVE-2021-3640) [40756] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-12-13 07:02:44 |
| @management_sun |
IT Risk: Ubuntu.Multiple vulnerabilities in Linux kernel -3/3 CVE-2021-20322 CVE-2021-3640 CVE-2021-42739 | 2022-02-04 08:39:11 |
| @management_sun |
IT Risk: Ubuntu.Linux kernelに複数の脆弱性 任意のコードの実行 サービス拒否 ubuntu.com/security/notic… CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 | 2022-02-14 07:36:14 |
| @CVEreport |
CVE-2021-3640 : A flaw use-after-free in function sco_sock_sendmsg of the #Linux #kernel HCI subsystem was found… twitter.com/i/web/status/1… | 2022-03-03 23:07:55 |
 /r/netcve |
CVE-2021-3640 | 2022-03-03 23:38:37 |