CVE-2021-23134

high

Description

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

References

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d

https://www.openwall.com/lists/oss-security/2021/05/11/4

https://lists.fedoraproject.org/archives/list/[email protected]/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/

https://lists.fedoraproject.org/archives/list/[email protected]/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://security.netapp.com/advisory/ntap-20210625-0007/

Details

Source: MITRE

Published: 2021-05-12

Updated: 2021-09-07

Type: CWE-416

Risk Information

CVSS v2

Base Score: 4.6

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 3.9

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH