uthrasri / Linux_kernel_4.19.72

0 stars 0 forks source link

CVE-2021-33034 (High) detected in linuxlinux-4.19.72 #13

Open mend-bolt-for-github[bot] opened 11 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2021-33034 - High Severity Vulnerability

Vulnerable Library - linuxlinux-4.19.72

The Linux Kernel

Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/?wsslib=linux

Found in HEAD commit: ed48650604b1d1d694b8e4b96732faa74080f35a

Found in base branch: master

Vulnerable Source Files (1)

/include/net/bluetooth/hci_core.h

Vulnerability Details

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

Publish Date: 2021-05-14

URL: CVE-2021-33034

CVSS 3 Score Details (7.8)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: Low - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.linuxkernelcves.com/cves/CVE-2021-33034

Release Date: 2021-05-14

Fix Resolution: v5.4.119, v5.10.37, v5.11.21, v5.12.4


Step up your Open Source Security Game with Mend here