CVE-2021-4202

Published on: Not Yet Published

Last Modified on: 10/06/2022 02:25:00 AM UTC

CVE-2021-4202

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Linux Kernel from Linux contain the following vulnerability:

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.

CVE-2021-4202 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 7 - HIGH

Attack Vector ^ⓘ	Attack Complexity	Privileges Required	User Interaction
LOCAL	HIGH	LOW	NONE
Scope	Confidentiality Impact	Integrity Impact	Availability Impact
UNCHANGED	HIGH	HIGH	HIGH

CVSS2 Score: 6.9 - MEDIUM

Access Vector^ⓘ	Access Complexity	Authentication
LOCAL	MEDIUM	NONE
Confidentiality Impact	Integrity Impact	Availability Impact
COMPLETE	COMPLETE	COMPLETE

CVE References

Description	Tags ^ⓘ	Link
oss-security - Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability	www.openwall.com text/html	MLIST [oss-security] 20220601 Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability
oss-security - Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability	www.openwall.com text/html	MLIST [oss-security] 20220607 Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability
2036682 – (CVE-2021-4202) CVE-2021-4202 kernel: Race condition in nci_request() leads to use after free while the device is getting removed	bugzilla.redhat.com text/html	MISC bugzilla.redhat.com/show_bug.cgi?id=2036682
oss-security - Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability	www.openwall.com text/html	MLIST [oss-security] 20220604 Re: CVE-2021-4204: Linux Kernel eBPF Improper Input Validation Vulnerability
kernel/git/stable/linux.git - Linux kernel stable tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e3b5dfcd16a3e254aab61bd1e8c417dd4503102
kernel/git/stable/linux.git - Linux kernel stable tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48b71a9e66c2eab60564b1b1c85f4928ed04e406
kernel/git/stable/linux.git - Linux kernel stable tree	git.kernel.org text/html	MISC git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86cdf8e38792545161dbe3350a7eced558ba4d15
CVE-2021-4202 Linux Kernel Vulnerability in NetApp Products \| NetApp Product Security	security.netapp.com text/html	CONFIRM security.netapp.com/advisory/ntap-20220513-0002/

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

179117 Debian Security Update for linux (DSA 5096-1)
179118 Debian Security Update for linux (DLA 2940-1)
179119 Debian Security Update for linux-4.19 (DLA 2941-1)
179747 Debian Security Update for linux (CVE-2021-4202)
198653 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5265-1)
198667 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-1)
198674 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5294-2)
198676 Ubuntu Security Notification for Linux kernel (GKE) Vulnerabilities (USN-5297-1)
198678 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5298-1)
353242 Amazon Linux Security Advisory for kernel : ALAC2012-2022-036
353243 Amazon Linux Security Advisory for kmod-mlx5 : ALAC2012-2022-037
353244 Amazon Linux Security Advisory for kmod-sfc : ALAC2012-2022-038
377053 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX2-SA-2022:0028)
751654 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0197-1)
751657 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0198-1)
751666 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0169-1)
751695 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0367-1)
751696 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0364-1)
751697 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0366-1)
751698 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0362-1)
751701 OpenSUSE Security Update for the Linux Kernel (openSUSE-SU-2022:0366-1)
751702 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0371-1)
751703 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0372-1)
751757 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (SUSE-SU-2022:0552-1)
751993 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0198-1)
753191 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (SUSE-SU-2022:0463-1)
753194 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0288-1)
753267 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0169-1)
753410 SUSE Enterprise Linux Security Update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) (SUSE-SU-2022:0418-1)
753462 SUSE Enterprise Linux Security Update for the Linux Kernel (SUSE-SU-2022:0289-1)
900804 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9265)
901315 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9265-1)
901707 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9237)
902066 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9237-1)
906040 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9265-2)
906498 Common Base Linux Mariner (CBL-Mariner) Security Update for kernel (9237-2)

Exploit/POC from Github

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux k…

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Linux	Linux Kernel	All	All	All	All
Operating System	Linux	Linux Kernel	5.16	-	All	All
Operating System	Linux	Linux Kernel	5.16	rc1	All	All

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.16:-:*:*:*:*:*:*:
cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*:

No vendor comments have been submitted for this CVE

Social Mentions

Source	Title	Posted (UTC)
@softek_jp	Linux Kernel の NFC NCI の処理に特権を奪われる問題 (CVE-2021-4202) [41221] sid.softek.jp/content/show/4… #SIDfm #脆弱性情報	2022-02-04 05:04:56
@management_sun	IT Risk: SUSE.Linux Kernelに複数の脆弱性 -2/2 CVE-2022-0330 CVE-2021-4197 CVE-2021-4202 CVE-2021-4083 CVE-2021-4149	2022-02-11 07:58:18
@management_sun	IT Risk: SUSE.Multiple Vulnerabilities in Linux Kernel -2/3 CVE-2021-4202 CVE-2021-4197 CVE-2021-4159 CVE-2021-4149… twitter.com/i/web/status/1…	2022-02-11 08:14:56
@management_sun	IT Risk:SUSE.Multiple vulnerabilities in Linux kernel -2/2 CVE-2021-4202 CVE-2021-4197 CVE-2021-4159 CVE-2021-4149… twitter.com/i/web/status/1…	2022-02-14 04:01:26
@management_sun	IT Risk:SUSE.Linux Kernelに複数の脆弱性 -2/2 CVE-2021-4202 CVE-2021-4083 CVE-2021-4159	2022-02-14 07:57:45
@management_sun	IT Risk:SUSE.Multiple Vulnerabilities in Linux Kernel -2/2 CVE-2021-39648 CVE-2022-0330 CVE-2021-4197 CVE-2021-4202… twitter.com/i/web/status/1…	2022-02-14 07:58:13
@CVEreport	CVE-2021-4202 : A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface N… twitter.com/i/web/status/1…	2022-03-25 19:13:20
/r/netcve	CVE-2021-4202	2022-03-25 20:38:38