CVE-2021-3640

Severity: Medium
Remote: No
Type: Arbitrary code execution
Description
A use-after-free vulnerability has been found in sco_send_frame() in the Bluetooth stack of the Linux kernel before version 5.15.3, similar to CVE-2021-3573. A local attacker with the CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2588 | linux-hardened | 5.14.18.hardened1-1 | 5.14.21.hardened1-1 | Medium | Fixed | |
| AVG-2571 | linux-zen | 5.15.2.zen1-1 | 5.15.3.zen1-1 | Medium | Fixed | |
| AVG-2570 | linux | 5.15.2.arch1-1 | 5.15.3.arch1-1 | Medium | Fixed | |
| AVG-2568 | linux-lts | 5.10.79-1 | 5.10.80-1 | Medium | Fixed | |
References
https://www.openwall.com/lists/oss-security/2021/07/22/1
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.3&id=b990c219c4c9d4993ef65ea9db73d9497e70f697
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.19&id=2c2b295af72e4e30d17556375e100ae65ac0b896
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.80&id=4dfba42604f08a505f1a1efc69ec5207ea6243de