CVE-2021-3573
6.4 MEDIUMA use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR...
Published: 2021-08-13 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.4 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-362
Affected products
| Vendor | Product |
|---|---|
| fedoraproject | enterprise_linux, fedora, linux_kernel |
| linux | enterprise_linux, fedora, linux_kernel |
| redhat | enterprise_linux, fedora, linux_kernel |
Description
A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3573
- [Other]http://www.openwall.com/lists/oss-security/2023/07/02/1
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- [Exploit reference]https://www.openwall.com/lists/oss-security/2021/06/08/2
- [Other]http://www.openwall.com/lists/oss-security/2023/07/02/1
- [Other]https://bugzilla.redhat.com/show_bug.cgi?id=1966578
- [Patch]https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
- [Exploit reference]https://www.openwall.com/lists/oss-security/2021/06/08/2
Related CVEs
Same vendor
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-11793 — A stack buffer overflow flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11790 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
- CVE-2026-11789 — A flaw was found in 389 Directory Server (4.9 MEDIUM)
Same CWE
- CVE-2025-13036 — An authentication bypass security issue exists within FactoryTalk Historian Site Edition
- CVE-2026-48708 — OliveTin gives access to predefined shell commands from a web interface (7.5 HIGH)
- CVE-2026-54229 — A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method (7.0 HIGH)
- CVE-2026-12022 — Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process ... (8.3 HIGH)
- CVE-2026-46693 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)