CVE-2021-3752

Published on: Not Yet Published

Last Modified on: 02/24/2023 02:42:00 PM UTC

CVE-2021-3752

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

  • CVE-2021-3752 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7.1 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
ADJACENT_NETWORK HIGH LOW NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 7.9 - HIGH

Access
Vector		 Access
Complexity		 Authentication
ADJACENT_NETWORK MEDIUM NONE
Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
COMPLETE COMPLETE COMPLETE

CVE References

Description Tags Link
CVE-2021-3752 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security security.netapp.com
text/html
 URL Logo CONFIRM security.netapp.com/advisory/ntap-20220318-0009/
[PATCH 5.15 187/917] Bluetooth: fix use-after-free error in lock_sock_nested() - Greg Kroah-Hartman lore.kernel.org
text/html
 URL Logo MISC lore.kernel.org/lkml/[email protected]/
[SECURITY] [DLA 2941-1] linux-4.19 security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update
[SECURITY] [DLA 2940-1] linux security update lists.debian.org
text/html
 URL Logo MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update
oss-security - CVE-2021-3752: Linux kernel: a uaf bug in bluetooth www.openwall.com
text/html
 URL Logo MISC www.openwall.com/lists/oss-security/2021/09/15/4
1999544 – (CVE-2021-3752) CVE-2021-3752 kernel: possible use-after-free in bluetooth module bugzilla.redhat.com
text/html
 URL Logo MISC bugzilla.redhat.com/show_bug.cgi?id=1999544
Debian -- Security Information -- DSA-5096-1 linux www.debian.org
Depreciated Link
text/html
 URL Logo DEBIAN DSA-5096
Oracle Critical Patch Update Advisory - July 2022 www.oracle.com
text/html
 URL Logo MISC www.oracle.com/security-alerts/cpujul2022.html
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 159621 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9088)
  • 159641 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2022-9147)
  • 159642 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel-container (ELSA-2022-9148)
  • 159664 Oracle Enterprise Linux Security Update for kernel security and bug fix update (ELSA-2022-0620)
  • 159825 Oracle Enterprise Linux Security Update for kernel (ELSA-2022-1988)
  • 179117 Debian Security Update for linux (DSA 5096-1)
  • 179118 Debian Security Update for linux (DLA 2940-1)
  • 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
  • 180254 Debian Security Update for linux (CVE-2021-3752)
  • 198653 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5265-1)
  • 198655 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5268-1)
  • 198656 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5267-1)
  • 198666 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5267-3)
  • 240096 Red Hat Update for kernel-rt (RHSA-2022:0622)
  • 240115 Red Hat Update for kernel (RHSA-2022:0620)
  • 240275 Red Hat Update for kernel-rt (RHSA-2022:1975)
  • 240298 Red Hat Update for kernel security (RHSA-2022:1988)
  • 257155 CentOS Security Update for kernel (CESA-2022:0620)
  • 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
  • 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
  • 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
  • 390256 Oracle Managed Virtualization (VM) Server for x86 Security Update for kernel (OVMSA-2022-0007)
  • 671225 EulerOS Security Update for kernel (EulerOS-SA-2022-1010)
  • 671304 EulerOS Security Update for kernel (EulerOS-SA-2022-1208)
  • 671703 EulerOS Security Update for kernel (EulerOS-SA-2022-1735)
  • 751214 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3389-1)
  • 751215 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3386-1)
  • 751217 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3387-1)
  • 751223 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3338-1)
  • 751234 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1357-1)
  • 751235 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3447-1)
  • 751245 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1365-1)
  • 751389 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (SUSE-SU-2021:3751-1)
  • 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
  • 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
  • 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
  • 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
  • 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
  • 900693 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8674)
  • 905867 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (8674-1)
  • 940517 AlmaLinux Security Update for kernel (ALSA-2022:1988)
  • 960132 Rocky Linux Security Update for kernel-rt (RLSA-2022:1975)
  • 960134 Rocky Linux Security Update for kernel (RLSA-2022:1988)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System		DebianDebian Linux10.0AllAllAll
Operating
System		DebianDebian Linux9.0AllAllAll
Operating
System		FedoraprojectFedora34AllAllAll
Operating
System		LinuxLinux KernelAllAllAllAll
Hardware Device InfoNetappBaseboard Management Controller H300e-AllAllAll
Operating
System		NetappBaseboard Management Controller H300e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H300s-AllAllAll
Operating
System		NetappBaseboard Management Controller H300s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H410c-AllAllAll
Operating
System		NetappBaseboard Management Controller H410c Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H410s-AllAllAll
Operating
System		NetappBaseboard Management Controller H410s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H500e-AllAllAll
Operating
System		NetappBaseboard Management Controller H500e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H500s-AllAllAll
Operating
System		NetappBaseboard Management Controller H500s Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H700e-AllAllAll
Operating
System		NetappBaseboard Management Controller H700e Firmware-AllAllAll
Hardware Device InfoNetappBaseboard Management Controller H700s-AllAllAll
Operating
System		NetappBaseboard Management Controller H700s Firmware-AllAllAll
ApplicationOracleCommunications Cloud Native Core Binding Support Function22.1.3AllAllAll
ApplicationOracleCommunications Cloud Native Core Network Exposure Function22.1.1AllAllAll
ApplicationOracleCommunications Cloud Native Core Policy22.2.0AllAllAll
ApplicationRedhat3scale2.0AllAllAll
Operating
System		RedhatEnterprise Linux7.0AllAllAll
Operating
System		RedhatEnterprise Linux8.0AllAllAll
Operating
System		RedhatEnterprise Linux For Real Time7AllAllAll
Operating
System		RedhatEnterprise Linux For Real Time For Nfv7AllAllAll
ApplicationRedhatVirtualization Host4.0AllAllAll
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:3scale:2.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_real_time:7:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*:
  • cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @oss_security CVE-2021-3752: Linux kernel: a uaf bug in bluetooth: Posted by Luo Likang on Sep 15A uaf vulnerability in the linux… twitter.com/i/web/status/1… 2021-09-15 16:18:02
Twitter Icon @omokazuki SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(Moderate: CVE-2021-3752) #sios_tech #security #vulnerability #セキュリティ #脆弱性… twitter.com/i/web/status/1… 2021-09-15 20:38:48
Twitter Icon @management_sun IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/4 CVE-2021-34556 CVE-2021-33033 CVE-2021-3772 CVE-2021-3760 CVE-2021-3752 CVE… twitter.com/i/web/status/1… 2021-11-18 01:32:19
Twitter Icon @management_sun SUSE.linux kernelに複数の脆弱性 -4/6 CVE-2021-3753 CVE-2021-3752 CVE-2021-3744 CVE-2021-3732 CVE-2021-3715 CVE-2021-3679 C… twitter.com/i/web/status/1… 2021-12-03 01:35:01
Twitter Icon @softek_jp Linux Kernel の Bluetooth の処理に特権を奪われる問題 (CVE-2021-3752) [41219] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 2022-02-04 05:04:54
Twitter Icon @management_sun IT Risk: Ubuntu.Linux kernelに複数の脆弱性 任意のコードの実行 サービス拒否 ubuntu.com/security/notic… CVE-2021-3640 CVE-2021-3752 CVE-2021-42739 2022-02-14 07:36:14
Twitter Icon @CVEreport CVE-2021-3752 : A use-after-free flaw was found in the #Linux #kernel’s Bluetooth subsystem in the way user calls c… twitter.com/i/web/status/1… 2022-02-28 22:27:59
Twitter Icon @GrupoICA_Ciber ?LINUX? Múltiples vulnerabilidades de severidad alta en productos LINUX: CVE-2021-3752,CVE-2021-3773,CVE-2021-409… twitter.com/i/web/status/1… 2022-03-01 09:01:48
Twitter Icon @GrupoICA_Ciber ?REDHAT? Múltiples vulnerabilidades de severidad alta en productos REDHAT: CVE-2021-3609,CVE-2021-3752,CVE-2022-0… twitter.com/i/web/status/1… 2022-03-11 09:01:02
Twitter Icon @GrupoICA_Ciber ?REDHAT? Múltiples vulnerabilidades de severidad alta en productos REDHAT: CVE-2021-3752,CVE-2022-0853 Más info… twitter.com/i/web/status/1… 2022-03-19 09:00:29
Twitter Icon @GrupoICA_Ciber ?LINUX? Múltiples vulnerabilidades de severidad alta en productos LINUX: CVE-2021-3760,CVE-2021-3752,CVE-2022-064… twitter.com/i/web/status/1… 2022-03-19 09:09:28
Twitter Icon @patrowl_io ? PatrowlHears Alert: CVE-2021-3752 CVSS: 7.9 / CTI Score: 84 / Exploit: 1 A use-after-free flaw was found in the L… twitter.com/i/web/status/1… 2022-03-29 22:05:00
Reddit Logo Icon /r/netcve CVE-2021-3752 2022-02-28 23:38:20
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report