2021-07-09 06:00:56 +00:00
{
2023-02-02 21:00:39 +00:00
"data_version" : "4.0" ,
2021-07-09 06:00:56 +00:00
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"CVE_data_meta" : {
"ID" : "CVE-2021-3640" ,
2022-03-03 23:01:09 +00:00
"ASSIGNER" : "secalert@redhat.com" ,
"STATE" : "PUBLIC"
} ,
2023-02-02 21:00:39 +00:00
"description" : {
"description_data" : [
{
"lang" : "eng" ,
"value" : "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system."
}
]
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Use After Free" ,
"cweId" : "CWE-416"
}
]
}
]
} ,
2022-03-03 23:01:09 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
{
2023-02-02 21:00:39 +00:00
"vendor_name" : "Red Hat" ,
2022-03-03 23:01:09 +00:00
"product" : {
"product_data" : [
{
2023-02-02 21:00:39 +00:00
"product_name" : "Red Hat Enterprise Linux 8" ,
2022-03-03 23:01:09 +00:00
"version" : {
"version_data" : [
{
2023-02-02 21:00:39 +00:00
"version_value" : "0:4.18.0-425.3.1.rt7.213.el8" ,
"version_affected" : "!"
} ,
{
"version_value" : "0:4.18.0-425.3.1.el8" ,
"version_affected" : "!"
}
]
}
} ,
{
"product_name" : "Red Hat Enterprise Linux 9" ,
"version" : {
"version_data" : [
{
"version_value" : "0:5.14.0-162.6.1.rt21.168.el9_1" ,
"version_affected" : "!"
} ,
{
"version_value" : "0:5.14.0-162.6.1.el9_1" ,
"version_affected" : "!"
2022-03-03 23:01:09 +00:00
}
]
}
}
]
}
}
]
}
} ,
"references" : {
"reference_data" : [
{
2023-02-02 21:00:39 +00:00
"url" : "https://ubuntu.com/security/CVE-2021-3640" ,
"refsource" : "MISC" ,
"name" : "https://ubuntu.com/security/CVE-2021-3640"
} ,
{
"url" : "https://www.openwall.com/lists/oss-security/2021/07/22/1" ,
"refsource" : "MISC" ,
"name" : "https://www.openwall.com/lists/oss-security/2021/07/22/1"
} ,
{
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951" ,
"refsource" : "MISC" ,
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"
} ,
{
"url" : "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951" ,
"refsource" : "MISC" ,
"name" : "https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"
} ,
{
"url" : "https://access.redhat.com/errata/RHSA-2022:7444" ,
2022-03-03 23:01:09 +00:00
"refsource" : "MISC" ,
2023-02-02 21:00:39 +00:00
"name" : "https://access.redhat.com/errata/RHSA-2022:7444"
2022-03-03 23:01:09 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://access.redhat.com/errata/RHSA-2022:7683" ,
2022-03-03 23:01:09 +00:00
"refsource" : "MISC" ,
2023-02-02 21:00:39 +00:00
"name" : "https://access.redhat.com/errata/RHSA-2022:7683"
2022-03-03 23:01:09 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://access.redhat.com/errata/RHSA-2022:7933" ,
2022-03-03 23:01:09 +00:00
"refsource" : "MISC" ,
2023-02-02 21:00:39 +00:00
"name" : "https://access.redhat.com/errata/RHSA-2022:7933"
2022-03-03 23:01:09 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://access.redhat.com/errata/RHSA-2022:8267" ,
2022-03-03 23:01:09 +00:00
"refsource" : "MISC" ,
2023-02-02 21:00:39 +00:00
"name" : "https://access.redhat.com/errata/RHSA-2022:8267"
2022-03-03 23:01:09 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://access.redhat.com/security/cve/CVE-2021-3640" ,
2022-03-03 23:01:09 +00:00
"refsource" : "MISC" ,
2023-02-02 21:00:39 +00:00
"name" : "https://access.redhat.com/security/cve/CVE-2021-3640"
2022-03-10 17:28:38 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1980646" ,
"refsource" : "MISC" ,
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1980646"
2022-03-10 17:28:38 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html" ,
"refsource" : "MISC" ,
"name" : "https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"
2022-03-10 17:28:38 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" ,
"refsource" : "MISC" ,
"name" : "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"
2022-04-19 19:03:40 +00:00
} ,
{
2023-02-02 21:00:39 +00:00
"url" : "https://lkml.org/lkml/2021/8/28/238" ,
"refsource" : "MISC" ,
"name" : "https://lkml.org/lkml/2021/8/28/238"
} ,
{
"url" : "https://security.netapp.com/advisory/ntap-20220419-0003/" ,
"refsource" : "MISC" ,
"name" : "https://security.netapp.com/advisory/ntap-20220419-0003/"
} ,
{
"url" : "https://www.debian.org/security/2022/dsa-5096" ,
"refsource" : "MISC" ,
"name" : "https://www.debian.org/security/2022/dsa-5096"
2022-03-03 23:01:09 +00:00
}
]
2021-07-09 06:00:56 +00:00
} ,
2023-02-02 21:00:39 +00:00
"work_around" : [
{
"lang" : "en" ,
"value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
] ,
"impact" : {
"cvss" : [
2021-07-09 06:00:56 +00:00
{
2023-02-02 21:00:39 +00:00
"attackComplexity" : "LOW" ,
"attackVector" : "LOCAL" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.7 ,
"baseSeverity" : "MEDIUM" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"privilegesRequired" : "HIGH" ,
"scope" : "UNCHANGED" ,
"userInteraction" : "NONE" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"version" : "3.1"
2021-07-09 06:00:56 +00:00
}
]
}
}
