CVE-2021-3752

Summary

CVE	CVE-2021-3752
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-02-16 19:15:00 UTC
Updated	2023-11-09 14:44:00 UTC
Description	A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Risk And Classification

Problem Types: CWE-362

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	34	All	All	All
Operating System	Linux	Linux Kernel	All	All	All	All
Hardware	Netapp	Baseboard Management Controller H300e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H300s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H300s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410c	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410c Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H410s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H410s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H500s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H500s Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700e	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700e Firmware	-	All	All	All
Hardware	Netapp	Baseboard Management Controller H700s	-	All	All	All
Operating System	Netapp	Baseboard Management Controller H700s Firmware	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Oracle	Communications Cloud Native Core Binding Support Function	22.1.3	All	All	All
Application	Oracle	Communications Cloud Native Core Network Exposure Function	22.1.1	All	All	All
Application	Oracle	Communications Cloud Native Core Policy	22.2.0	All	All	All
Application	Redhat	3scale	2.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time	7	All	All	All
Operating System	Redhat	Enterprise Linux For Real Time For Nfv	7	All	All	All
Application	Redhat	Virtualization Host	4.0	All	All	All

References

Reference	Source	Link	Tags
CVE-2021-3752 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested() - Greg Kroah-Hartman	MISC	lore.kernel.org
[SECURITY] [DLA 2941-1] linux-4.19 security update	MLIST	lists.debian.org
[PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested() - Greg Kroah-Hartman		lore.kernel.org
[SECURITY] [DLA 2940-1] linux security update	MLIST	lists.debian.org
oss-security - CVE-2021-3752: Linux kernel: a uaf bug in bluetooth	MISC	www.openwall.com
1999544 – (CVE-2021-3752) CVE-2021-3752 kernel: possible use-after-free in bluetooth module	MISC	bugzilla.redhat.com
Debian -- Security Information -- DSA-5096-1 linux	DEBIAN	www.debian.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159621 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9088)
159641 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9147)
159642 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9148)
159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
179117 Debian Security Update for linux (DSA 5096-1)
179118 Debian Security Update for linux (DLA 2940-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
180254 Debian Security Update for linux (CVE-2021-3752)
198653 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5265-1)
198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
198656 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5267-1)
198666 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5267-3)
240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
240115 Red Hat Update for kernel (RHSA-2022:0620)
240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
240298 Red Hat Update for kernel security (RHSA-2022:1988)
257155 CentOS Security Update for kernel (CESA-2022:0620)
353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
390256 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0007)
671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
751214 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3389-1)
751215 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3386-1)
751217 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3387-1)
751223 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3338-1)
751234 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1357-1)
751235 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3447-1)
751245 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1365-1)
751389 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (SUSE-SU-2021:3751-1)
751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
900693 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8674)
905867 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8674-1)
940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
960132 Rocky Linux Security Update for kernel-rt (RLSA-2022:1975)
960134 Rocky Linux Security Update for kernel (RLSA-2022:1988)