CVE-2021-33034

Published: May 14, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1

x_refsource_MISC

https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl

x_refsource_MISC

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4

x_refsource_MISC

FEDORA-2021-bae582b42c

vendor-advisory

x_refsource_FEDORA

[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-33034

Description

Affected Products

References