{"containers": {"cna": {"affected": [{"product": "kernel", "vendor": "n/a", "versions": [{"status": "affected", "version": "All Linux kernel versions starting from 3.13"}]}], "descriptions": [{"lang": "en", "value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "description": "CWE-415", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-23T01:08:05", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/05/25/1"}, {"name": "[oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/06/01/2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:01:07.513Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/05/25/1"}, {"name": "[oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/06/01/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3564", "datePublished": "2021-06-08T11:59:04", "dateReserved": "2021-05-24T00:00:00", "dateUpdated": "2024-08-03T17:01:07.513Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C14BB9C-A78E-4846-9BF4-8E1ADB32DE60", "versionStartIncluding": "3.13", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo de corrupci\u00f3n de memoria de doble liberaci\u00f3n en el subsistema de inicializaci\u00f3n de dispositivos HCI del kernel de Linux en la manera en que el usuario adjunta un dispositivo Bluetooth HCI TTY malicioso. Un usuario local podr\u00eda usar este fallo para bloquear el sistema. Este fallo afecta a todas las versiones del kernel de Linux a partir de versi\u00f3n 3.13"}], "id": "CVE-2021-3564", "lastModified": "2023-02-12T23:41:17.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-08T12:15:11.753", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/25/1"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/06/01/2"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/05/25/1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank HaoXiong, LinMa (ckSec) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2022:0622", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-1160.59.1.rt56.1200.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2022:0620", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-1160.59.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-02-22T00:00:00Z"}, {"advisory": "RHSA-2021:4140", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-348.rt7.130.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4356", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-348.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "kernel: double free in bluetooth subsystem when the HCI device initialization fails", "id": "1964139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964139"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "status": "verified"}, "cwe": "CWE-415", "details": ["A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.", "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2021-3564", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-alt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-05-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-3564\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-3564\nhttps://www.openwall.com/lists/oss-security/2021/05/25/1"], "statement": "The impact is Moderate, because the double free happens during flush procedure, and no use of incorrect data during flush finishing even if double free could happen without kernel crash.", "threat_severity": "Moderate"}