CVE-2021-3640 - log

CVE-2021-3640 edited at 27 Nov 2021 11:50:22
References
https://www.openwall.com/lists/oss-security/2021/07/22/1
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.3&id=b990c219c4c9d4993ef65ea9db73d9497e70f697
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.14.19&id=2c2b295af72e4e30d17556375e100ae65ac0b896
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.80&id=4dfba42604f08a505f1a1efc69ec5207ea6243de
CVE-2021-3640 edited at 18 Nov 2021 22:59:46
Description
- A use after free vulnerability has been found in sco_send_frame() in the Bluetooth stack of the Linux kernel, similar to CVE-2021-3573. A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
+ A use after free vulnerability has been found in sco_send_frame() in the Bluetooth stack of the Linux kernel before version 5.15.3, similar to CVE-2021-3573. A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
References
https://www.openwall.com/lists/oss-security/2021/07/22/1
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.3&id=b990c219c4c9d4993ef65ea9db73d9497e70f697
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.80&id=4dfba42604f08a505f1a1efc69ec5207ea6243de
CVE-2021-3640 edited at 18 Nov 2021 15:07:09
References
https://www.openwall.com/lists/oss-security/2021/07/22/1
https://bugzilla.redhat.com/show_bug.cgi?id=1980646
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.80&id=4dfba42604f08a505f1a1efc69ec5207ea6243de
CVE-2021-3640 edited at 12 Nov 2021 19:41:17
References
https://www.openwall.com/lists/oss-security/2021/07/22/1
+ https://bugzilla.redhat.com/show_bug.cgi?id=1980646
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=99c23da0eed4fd20cae8243f2b51e10e66aa0951
CVE-2021-3640 edited at 22 Jul 2021 12:10:32
Description
- A use after free vulnerability has been found in sco_conn_del() in the Bluetooth stack of the Linux kernel, similar to CVE-2021-3573. A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
+ A use after free vulnerability has been found in sco_send_frame() in the Bluetooth stack of the Linux kernel, similar to CVE-2021-3573. A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
CVE-2021-3640 edited at 22 Jul 2021 11:13:54
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A use after free vulnerability has been found in sco_conn_del() in the Bluetooth stack of the Linux kernel, similar to CVE-2021-3573. A local attacker with CAP_NET_ADMIN privilege could exploit it to execute arbitrary code.
References
+ https://www.openwall.com/lists/oss-security/2021/07/22/1
CVE-2021-3640 created at 22 Jul 2021 11:09:03
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes