high
7
CWE
416 362
Advisory Published
CVE Published
Updated

CVE-2021-4202: Use After Free

First published: Mon Jan 03 2022(Updated: )

A flaw was found in the Linux kernel. Similar to the <a href="https://access.redhat.com/security/cve/CVE-2021-35373">CVE-2021-35373</a>, the nci_request() function in NFC NCI code also suffers from a data race. This race will allow __nci_request() to be awaken while the device is getting removed and cause UAF. The attacker can spray the released object to gain powerful primitive. Upstream commit: <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86cdf8e38792545161dbe3350a7eced558ba4d15">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86cdf8e38792545161dbe3350a7eced558ba4d15</a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48b71a9e66c2eab60564b1b1c85f4928ed04e406">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48b71a9e66c2eab60564b1b1c85f4928ed04e406</a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e3b5dfcd16a3e254aab61bd1e8c417dd4503102">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e3b5dfcd16a3e254aab61bd1e8c417dd4503102</a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=aedddb4e45b34426cfbfa84454b6f203712733c5">https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=aedddb4e45b34426cfbfa84454b6f203712733c5</a>

Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/kernel<5.16
5.16
Linux Kernel>=3.2<4.4.294
Linux Kernel>=4.5<4.9.292
Linux Kernel>=4.10<4.14.257
Linux Kernel>=4.15<4.19.219
Linux Kernel>=4.20<5.4.163
Linux Kernel>=5.5.0<5.10.82
Linux Kernel>=5.11<5.15.5
debian/linux
5.10.223-1
5.10.226-1
6.1.123-1
6.1.119-1
6.12.11-1
6.12.12-1

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=2036682

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=3e3b5dfcd16a3e254aab61bd1e8c417dd4503102

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48b71a9e66c2eab60564b1b1c85f4928ed04e406

Remedy

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86cdf8e38792545161dbe3350a7eced558ba4d15

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-4202?

    CVE-2021-4202 is classified as a medium-severity vulnerability due to the potential for data races within the Linux kernel.

  • How do I fix CVE-2021-4202?

    To mitigate CVE-2021-4202, upgrade to the Linux kernel version 5.16 or higher.

  • Which systems are affected by CVE-2021-4202?

    CVE-2021-4202 affects multiple versions of the Linux kernel, specifically those between versions 3.2 and 5.15.

  • What component in the kernel is affected by CVE-2021-4202?

    The vulnerability in CVE-2021-4202 is found in the nci_request() function within the NFC NCI code of the Linux kernel.

  • Is CVE-2021-4202 similar to any other vulnerabilities?

    Yes, CVE-2021-4202 is similar to CVE-2021-35373 as both involve data races in the Linux kernel.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203