CVE-2021-3752: Race Condition
First published: Tue Aug 31 2021(Updated: )
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:3.10.0-1160.59.1.rt56.1200.el7 | 0:3.10.0-1160.59.1.rt56.1200.el7 |
| redhat/kernel | <0:3.10.0-1160.59.1.el7 | 0:3.10.0-1160.59.1.el7 |
| redhat/kernel-rt | <0:4.18.0-372.9.1.rt7.166.el8 | 0:4.18.0-372.9.1.rt7.166.el8 |
| redhat/kernel | <0:4.18.0-372.9.1.el8 | 0:4.18.0-372.9.1.el8 |
| redhat/kernel | <5.15.3 | 5.15.3 |
| Linux Kernel | >=2.6.12<4.4.293 | |
| Linux Kernel | >=4.5<4.9.291 | |
| Linux Kernel | >=4.10<4.14.256 | |
| Linux Kernel | >=4.15<4.19.218 | |
| Linux Kernel | >=4.20<5.4.160 | |
| Linux Kernel | >=5.5<5.10.80 | |
| Linux Kernel | >=5.11<5.14.19 | |
| Linux Kernel | >=5.15<5.15.3 | |
| Red Hat 3scale | =2.0 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Fedora | =34 | |
| Red Hat Enterprise Linux | =7.0 | |
| Red Hat Enterprise Linux | =8.0 | |
| Red Hat Enterprise Linux for Real Time | =7 | |
| Red Hat Enterprise Linux for Real Time for NFV | =7 | |
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E Firmware | ||
| NetApp H300E | ||
| NetApp H500e Firmware | ||
| NetApp H500E | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S Firmware | ||
| NetApp H410S | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| Debian | =9.0 | |
| Debian | =10.0 | |
| Oracle Communications Cloud Native Core Binding Support Function | =22.1.3 | |
| Oracle Communications Cloud Native Core Network Exposure Function | =22.1.1 | |
| Oracle Communications Cloud Native Core Policy | =22.2.0 | |
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H300S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H500S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H700S | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H300E | ||
| NetApp Baseboard Management Controller H500E Firmware | ||
| NetApp Baseboard Management Controller H500E Firmware | ||
| NetApp Baseboard Management Controller H700E Firmware | ||
| NetApp Baseboard Management Controller H700E Firmware | ||
| NetApp Baseboard Management Controller Firmware | ||
| NetApp Baseboard Management Controller H410S | ||
| NetApp Baseboard Management Controller H410C | ||
| NetApp Baseboard Management Controller H410C Firmware | ||
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500E | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| debian/linux | 5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1 |
Remedy
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation baser or stability. The possible solution is to disable Bluetooth completely: https://access.redhat.com/solutions/2682931
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-3752 https://nvd.nist.gov/vuln/detail/CVE-2021-3752 https://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/ https://www.openwall.com/lists/oss-security/2021/09/15/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1999544
- https://access.redhat.com/errata/RHSA-2022:0622
- https://access.redhat.com/errata/RHSA-2022:0620
- https://access.redhat.com/errata/RHSA-2022:1975
- https://access.redhat.com/errata/RHSA-2022:1988
- https://access.redhat.com/security/cve/cve-2021-3752
- https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html
- https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html
- https://lore.kernel.org/lkml/20211115165435.133245729@linuxfoundation.org/
- https://security.netapp.com/advisory/ntap-20220318-0009/
- https://www.debian.org/security/2022/dsa-5096
- https://www.openwall.com/lists/oss-security/2021/09/15/4
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://launchpad.net/bugs/cve/CVE-2021-3752
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2004506
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1999544#c12
- https://packages.qa.debian.org/l/linux/news/20211209T191708Z.html
- https://lore.kernel.org/lkml/20210714031733.1395549-1-bobo.shaobowang@huawei.com/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1999544#c13
- https://lore.kernel.org/lkml/20210714031733.1395549-1-bobo.shaobowang@huawei
- https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org/
- https://security-tracker.debian.org/tracker/CVE-2021-3752
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3752
- https://nvd.nist.gov/vuln/detail/CVE-2021-3752
- https://ubuntu.com/security/CVE-2021-3752
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2021-3752?
CVE-2021-3752 has been rated as High severity due to potential for system crashes and privilege escalation.
How do I fix CVE-2021-3752?
To address CVE-2021-3752, you should update your Linux kernel to the latest versions specified by your distribution, including kernel-rt and kernel for Red Hat and Debian.
What systems are affected by CVE-2021-3752?
CVE-2021-3752 affects various Linux distributions including Red Hat and Debian, particularly versions of the kernel from 2.6.12 to 5.15.3.
What types of vulnerabilities does CVE-2021-3752 represent?
CVE-2021-3752 is a use-after-free vulnerability, caused by a race condition in the Bluetooth subsystem of the Linux kernel.
Can exploitation of CVE-2021-3752 lead to remote access?
Exploitation of CVE-2021-3752 could potentially allow an attacker to escalate privileges on the affected system.
- collector/redhat-cve
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/type
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3752
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-cve
- source/NVD
- package-manager/redhat
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.12
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.15
- vendor/redhat
- canonical/red hat 3scale
- version/red hat 3scale/2.0
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- vendor/fedoraproject
- canonical/fedora
- version/fedora/34
- canonical/red hat enterprise linux
- version/red hat enterprise linux/7.0
- version/red hat enterprise linux/8.0
- canonical/red hat enterprise linux for real time
- version/red hat enterprise linux for real time/7
- canonical/red hat enterprise linux for real time for nfv
- version/red hat enterprise linux for real time for nfv/7
- vendor/netapp
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e firmware
- canonical/netapp h300e
- canonical/netapp h500e
- canonical/netapp h700e
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp h410c
- canonical/netapp h410c firmware
- vendor/debian
- canonical/debian
- version/debian/9.0
- version/debian/10.0
- vendor/oracle
- canonical/oracle communications cloud native core binding support function
- version/oracle communications cloud native core binding support function/22.1.3
- canonical/oracle communications cloud native core network exposure function
- version/oracle communications cloud native core network exposure function/22.1.1
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/22.2.0
- canonical/netapp baseboard management controller firmware
- canonical/netapp baseboard management controller h300s
- canonical/netapp baseboard management controller h500s
- canonical/netapp baseboard management controller h700s
- canonical/netapp baseboard management controller h300e
- canonical/netapp baseboard management controller h500e firmware
- canonical/netapp baseboard management controller h700e firmware
- canonical/netapp baseboard management controller h410s
- canonical/netapp baseboard management controller h410c
- canonical/netapp baseboard management controller h410c firmware