CVE-2021-23134

high

Description

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

References

https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d

https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/

https://security.netapp.com/advisory/ntap-20210625-0007/

https://www.openwall.com/lists/oss-security/2021/05/11/4

Details

Published: 2021-05-12

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics