Vulnerability-Lookup

BDU:2021-04839

Vulnerability from fstec - Published: 22.03.2021

Title

Уязвимость структуры hci_chan компонента net/bluetooth/hci_event.c ядра операционной системы Linux, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость структуры hci_chan компонента net/bluetooth/hci_event.c ядра операционной системы Linux связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, Canonical Ltd., ООО «РусБИТех-Астра», Novell Inc., Fedora Project, ООО «Открытая мобильная платформа», АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (запись в едином реестре российских программ №369), OpenSUSE Leap, Fedora, ОС Аврора (запись в едином реестре российских программ №1543), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Linux

Software Version

6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.4 Telco Extended Update Support (Red Hat Enterprise Linux), 7.4 Advanced Update Support (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 15.2 (OpenSUSE Leap), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7.7 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), 21.04 (Ubuntu), 34 (Fedora), 16.04 ESM (Ubuntu), 7.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 15.3 (OpenSUSE Leap), 7.6 Telco Extended Update Support (Red Hat Enterprise Linux), 7.6 Advanced Update Support (Red Hat Enterprise Linux), 7.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), до 4.0.2 (ОС Аврора), до 2.4 (ОСОН ОСнова Оnyx), от 4.0 до 4.4.268 включительно (Linux), от 4.5 до 4.9.268 включительно (Linux), от 4.10 до 4.14.232 включительно (Linux), от 4.15 до 4.19.190 включительно (Linux), от 5.11.0 до 5.11.20 включительно (Linux), от 5.12.0 до 5.12.3 включительно (Linux), от 4.20 до 5.4.118 включительно (Linux), от 5.5 до 5.10.36 включительно (Linux)

Possible Mitigations

Использование рекомендаций: Для Linux: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-33034 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33034.xml Для Ubuntu https://ubuntu.com/security/CVE-2021-33034 Для Fedora: https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2021-33034 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-33034 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 Для ОС Аврора 3.2.1: https://cve.omprussia.ru/bb10321 Для ОС Аврора 3.2.2: https://cve.omprussia.ru/bb11322 Для ОС Аврора 3.2.3: https://cve.omprussia.ru/bb12323 Для ОСОН Основа: Обновление программного обеспечения linux до версии 5.14.9-2.osnova179.1

Reference

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034 https://cve.omprussia.ru/bb10321 https://cve.omprussia.ru/bb11322 https://cve.omprussia.ru/bb12323 https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119 https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/ https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1 https://ubuntu.com/security/notices/USN-4997-1 https://ubuntu.com/security/notices/USN-4997-2 https://ubuntu.com/security/notices/USN-5000-1 https://ubuntu.com/security/notices/USN-5000-2 https://ubuntu.com/security/notices/USN-5001-1 https://ubuntu.com/security/notices/USN-5016-1 https://ubuntu.com/security/notices/USN-5018-1 https://ubuntu.com/security/notices/USN-5299-1 https://ubuntu.com/security/notices/USN-5343-1 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16 https://www.cve.org/CVERecord?id=CVE-2021-33034 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc., Fedora Project, \u041e\u041e\u041e \u00ab\u041e\u0442\u043a\u0440\u044b\u0442\u0430\u044f \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 5 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.2 Advanced Update Support (Red Hat Enterprise Linux), 7.3 Advanced Update Support (Red Hat Enterprise Linux), 7.4 Telco Extended Update Support (Red Hat Enterprise Linux), 7.4 Advanced Update Support (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 15.2 (OpenSUSE Leap), 8.1 Extended Update Support (Red Hat Enterprise Linux), 7.7 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), 21.04 (Ubuntu), 34 (Fedora), 16.04 ESM (Ubuntu), 7.4 Update Services for SAP Solutions (Red Hat Enterprise Linux), 15.3 (OpenSUSE Leap), 7.6 Telco Extended Update Support (Red Hat Enterprise Linux), 7.6 Advanced Update Support (Red Hat Enterprise Linux), 7.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), \u0434\u043e 4.0.2 (\u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u043e\u0442 4.0 \u0434\u043e 4.4.268 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.268 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.232 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.190 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11.0 \u0434\u043e 5.11.20 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.12.0 \u0434\u043e 5.12.3 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.118 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.36 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\n\nhttps://www.suse.com/security/cve/CVE-2021-33034\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33034.xml\n\n\n\n\u0414\u043b\u044f Ubuntu\nhttps://ubuntu.com/security/CVE-2021-33034\n\n\n\n\u0414\u043b\u044f Fedora:\n\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2021-33034\n\n\n\n\u0414\u043b\u044f Debian GNU/Linux:\n\nhttps://security-tracker.debian.org/tracker/CVE-2021-33034\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.1: \nhttps://cve.omprussia.ru/bb10321 \n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.2: \nhttps://cve.omprussia.ru/bb11322\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 3.2.3: \nhttps://cve.omprussia.ru/bb12323\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 5.14.9-2.osnova179.1",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "11.02.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.10.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-04839",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-33034",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Ubuntu, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), OpenSUSE Leap, Fedora, \u041e\u0421 \u0410\u0432\u0440\u043e\u0440\u0430 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161543), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Red Hat Inc. Red Hat Enterprise Linux 7.2 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.3 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.4 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.4 Advanced Update Support , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , Novell Inc. OpenSUSE Leap 15.2 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.7 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , Canonical Ltd. Ubuntu 21.04 , Fedora Project Fedora 34 , Canonical Ltd. Ubuntu 16.04 ESM , Red Hat Inc. Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions , Novell Inc. OpenSUSE Leap 15.3 , Red Hat Inc. Red Hat Enterprise Linux 7.6 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.6 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.12.4 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b hci_chan \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 net/bluetooth/hci_event.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b hci_chan \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 net/bluetooth/hci_event.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33034\nhttps://cve.omprussia.ru/bb10321\nhttps://cve.omprussia.ru/bb11322\nhttps://cve.omprussia.ru/bb12323\nhttps://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.233\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.191\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.269\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.269\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.37\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.21\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.119\nhttps://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\nhttps://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/\nhttps://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl\nhttps://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1\nhttps://ubuntu.com/security/notices/USN-4997-1\nhttps://ubuntu.com/security/notices/USN-4997-2\nhttps://ubuntu.com/security/notices/USN-5000-1\nhttps://ubuntu.com/security/notices/USN-5000-2\nhttps://ubuntu.com/security/notices/USN-5001-1\nhttps://ubuntu.com/security/notices/USN-5016-1\nhttps://ubuntu.com/security/notices/USN-5018-1\nhttps://ubuntu.com/security/notices/USN-5299-1\nhttps://ubuntu.com/security/notices/USN-5343-1\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211008SE16\nhttps://www.cve.org/CVERecord?id=CVE-2021-33034\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

CVE-2021-33034 (GCVE-0-2021-33034)

Vulnerability from cvelistv5 – Published: 2021-05-14 22:57 – Updated: 2024-08-03 23:42

Summary

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://syzkaller.appspot.com/bug?id=2e1943a94647…	x_refsource_MISC
	https://sites.google.com/view/syzscope/kasan-use-…	x_refsource_MISC
	https://git.kernel.org/pub/scm/linux/kernel/git/t…	x_refsource_MISC
	https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan…	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.128Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
          },
          {
            "name": "FEDORA-2021-bae582b42c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
          },
          {
            "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-23T01:07:44.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
        },
        {
          "name": "FEDORA-2021-bae582b42c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
        },
        {
          "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-33034",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1",
              "refsource": "MISC",
              "url": "https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"
            },
            {
              "name": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl",
              "refsource": "MISC",
              "url": "https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3",
              "refsource": "MISC",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"
            },
            {
              "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4",
              "refsource": "MISC",
              "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"
            },
            {
              "name": "FEDORA-2021-bae582b42c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"
            },
            {
              "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-33034",
    "datePublished": "2021-05-14T22:57:07.000Z",
    "dateReserved": "2021-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:42:19.128Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2021-04839

CVE-2021-33034 (GCVE-0-2021-33034)

Tags

Sightings

Nomenclature