Alpaquita Linux
Security Advisory

CVE-2021-3752

Published: February 16, 2022Last modified: September 29, 2023

Description

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Severity score breakdown

ParameterValue
Base score7.1
Attack VectorADJACENT_NETWORK
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactHIGH
Availability impactHIGH
VectorCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSlinux-ltsNot affected (6.1.50-r0)
Streamlinux-ltsNot affected (6.1.50-r0)

References

ON THIS PAGE