Open mend-bolt-for-github[bot] opened 11 months ago
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a
Found in base branch: master
/include/net/bluetooth/hci_core.h
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Publish Date: 2021-05-14
URL: CVE-2021-33034
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-33034
Release Date: 2021-05-14
Fix Resolution: v5.4.119, v5.10.37, v5.11.21, v5.12.4
Step up your Open Source Security Game with Mend here
CVE-2021-33034 - High Severity Vulnerability
Vulnerable Library - linuxlinux-4.19.72
The Linux Kernel
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux
Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a
Found in base branch: master
Vulnerable Source Files (1)
/include/net/bluetooth/hci_core.h
Vulnerability Details
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
Publish Date: 2021-05-14
URL: CVE-2021-33034
CVSS 3 Score Details (7.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.linuxkernelcves.com/cves/CVE-2021-33034
Release Date: 2021-05-14
Fix Resolution: v5.4.119, v5.10.37, v5.11.21, v5.12.4
Step up your Open Source Security Game with Mend here