CVE-2021-3760
Published on: Not Yet Published
Last Modified on: 03/01/2023 08:15:00 PM UTC
Certain versions of Debian Linux from Debian contain the following vulnerability:
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
- CVE-2021-3760 has been assigned by
[email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| LOCAL | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 7.2 - HIGH
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| LOCAL | LOW | NONE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| COMPLETE | COMPLETE | COMPLETE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| [SECURITY] [DLA 2941-1] linux-4.19 security update | lists.debian.org text/html |
MLIST [debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update |
| 2000585 – (CVE-2021-3760) CVE-2021-3760 kernel: nfc: Use-After-Free vulnerability of ndev->rf_conn_info object | Issue Tracking Third Party Advisory bugzilla.redhat.com text/html |
MISC bugzilla.redhat.com/show_bug.cgi?id=2000585 |
| CVE-2021-3760 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security | security.netapp.com text/html |
CONFIRM security.netapp.com/advisory/ntap-20220318-0007/ |
| Debian -- Security Information -- DSA-5096-1 linux | www.debian.org Depreciated Link text/html |
DEBIAN DSA-5096 |
Related QID Numbers
- 178943 Debian Security Update for linux (DLA 2843-1)
- 179117 Debian Security Update for linux (DSA 5096-1)
- 179119 Debian Security Update for linux-4.19 (DLA 2941-1)
- 180486 Debian Security Update for linux (CVE-2021-3760)
- 198569 Ubuntu Security Notification for Linux kernel (OEM 5.10) Vulnerabilities (USN-5139-1)
- 198589 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5165-1)
- 198617 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5209-1)
- 198618 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5210-1)
- 198621 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5208-1)
- 198627 Ubuntu Security Notification for Linux kernel (OEM) Vulnerabilities (USN-5218-1)
- 282035 Fedora Security Update for kernel (FEDORA-2021-4320606094)
- 282036 Fedora Security Update for kernel (FEDORA-2021-4fed2b55c4)
- 353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
- 353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
- 353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
- 751336 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1460-1)
- 751342 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3641-1)
- 751346 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3655-1)
- 751349 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:1477-1)
- 751353 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3675-1)
- 751381 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3748-1)
- 751437 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3876-1)
- 751441 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2021:3876-1)
- 751451 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3935-1)
- 751473 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3969-1)
- 751476 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2021:3972-1)
Known Affected Configurations (CPE V2.3)
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
- cpe:2.3:o:linux:linux_kernel:5.14.15:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h410c:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h410c_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*:
- cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*:
- cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @oss_security |
CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Lin Horse on Oct… twitter.com/i/web/status/1… | 2021-10-26 13:41:04 |
| @oss_security |
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Solar Designe… twitter.com/i/web/status/1… | 2021-10-26 13:41:05 |
| @oss_security |
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Lin Horse on… twitter.com/i/web/status/1… | 2021-10-26 13:41:06 |
| @oss_security |
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Solar Designe… twitter.com/i/web/status/1… | 2021-10-26 13:41:08 |
| @oss_security |
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Thadeu Lima d… twitter.com/i/web/status/1… | 2021-10-26 13:41:09 |
| @oss_security |
RE: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Anthony Liguo… twitter.com/i/web/status/1… | 2021-10-26 16:41:03 |
| @perr0r |
CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object openwall.com/lists/oss-secu… | 2021-10-27 13:38:08 |
| @oss_security |
Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object: Posted by Roxana Brades… twitter.com/i/web/status/1… | 2021-10-28 13:52:03 |
| @secalertsasia |
oss-sec: Re: CVE-2021-3760: Linux kernel: Use-After-Free vulnerability of ndev->rf_conn_info object… twitter.com/i/web/status/1… | 2021-11-03 06:39:15 |
| @softek_jp |
Linux Kernel の NFC の処理に特権を奪われる問題 (CVE-2021-3760) [40510] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報 | 2021-11-12 04:31:27 |
| @management_sun |
IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/4 CVE-2021-34556 CVE-2021-33033 CVE-2021-3772 CVE-2021-3760 CVE-2021-3752 CVE… twitter.com/i/web/status/1… | 2021-11-18 01:32:19 |
| @management_sun |
IT Risk: Ubuntu.Linux kernel (OEM)に複数の脆弱性 -2/2 CVE-2021-42739 CVE-2021-42327 CVE-2021-3772 CVE-2021-3760 | 2021-12-01 02:32:25 |
| @management_sun |
IT Risk: Ubuntu.Multiple vulnerabilities in the Linux kernel (OEM) -2/2 CVE-2021-42327 CVE-2021-3772 CVE-2021-3760 | 2021-12-01 02:33:05 |
| @management_sun |
IT Risk: SUSE.Linux Kernelに複数の脆弱性 -3/4 CVE-2021-20320 CVE-2021-3772 CVE-2021-3764 CVE-2021-3760 CVE-2021-3753 CVE-2… twitter.com/i/web/status/1… | 2021-12-08 04:04:32 |
| @management_sun |
IT Risk: SUSE.Linux Kernelに複数の脆弱性 -3/4 CVE-2021-20322 CVE-2021-3772 CVE-2021-3764 CVE-2021-3760 CVE-2021-3759 CVE-2… twitter.com/i/web/status/1… | 2021-12-08 23:43:51 |
| @management_sun |
IT Risk: Ubuntu.Linux Kernel (OEM)に複数の脆弱性 -2/2 CVE-2021-20321 CVE-2021-4204 CVE-2021-4002 CVE-2021-3760 | 2022-01-12 08:30:58 |
| @management_sun |
IT Risk: Ubuntu.Multiple vulnerabilities in the Linux Kernel (OEM) -2/2 CVE-2021-20321 CVE-2021-4204 CVE-2021-4002 CVE-2021-3760 | 2022-01-12 08:31:28 |
| @management_sun |
IT Risk: Ubuntu.Linux Kernelに複数の脆弱性 -2/2 CVE-2021-4002 CVE-2021-3760 CVE-2020-26541 | 2022-01-13 09:23:21 |
| @management_sun |
IT Risk: Ubuntu.Multiple vulnerabilities in the Linux Kernel -2/2 CVE-2021-3760 CVE-2020-26541 | 2022-01-13 09:24:02 |
| @CVEreport |
CVE-2021-3760 : A flaw was found in the #Linux #kernel. A use-after-free vulnerability in the NFC stack can lead to… twitter.com/i/web/status/1… | 2022-02-28 22:28:42 |
| @GrupoICA_Ciber |
?LINUX? Múltiples vulnerabilidades de severidad alta en productos LINUX: CVE-2021-22600,CVE-2021-3760,CVE-2021-36… twitter.com/i/web/status/1… | 2022-03-11 08:59:56 |
| @GrupoICA_Ciber |
?LINUX? Múltiples vulnerabilidades de severidad alta en productos LINUX: CVE-2021-3760,CVE-2021-3752,CVE-2022-064… twitter.com/i/web/status/1… | 2022-03-19 09:09:28 |
 /r/xmpp |
Prosody 0.11.10 released (CVE-2021-3760) | 2021-08-05 08:38:03 |
| /r/netcve |
CVE-2021-3760 | 2022-02-28 23:38:22 |