CVE-2021-4202

high

Description

A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.

References

https://security.netapp.com/advisory/ntap-20220513-0002/

https://bugzilla.redhat.com/show_bug.cgi?id=2036682

http://www.openwall.com/lists/oss-security/2022/06/07/2

http://www.openwall.com/lists/oss-security/2022/06/04/2

http://www.openwall.com/lists/oss-security/2022/06/01/2

Details

Source: Mitre, NVD

Published: 2022-03-25

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High