{"containers":{"cna":{"affected":[{"product":"Linux Kernel","vendor":"Linux Kernel","versions":[{"lessThan":"5.12.4","status":"affected","version":"unspecified","versionType":"custom"}]}],"credits":[{"lang":"en","value":"Nadav Markus from Palo Alto Networks"},{"lang":"en","value":"Or Cohen from Palo Alto Networks"}],"datePublic":"2021-05-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-416","description":"CWE-416 Use After Free","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-06-25T05:06:31.000Z","orgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","shortName":"palo_alto"},"references":[{"tags":["x_refsource_MISC"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d"},{"tags":["x_refsource_MISC"],"url":"https://www.openwall.com/lists/oss-security/2021/05/11/4"},{"name":"FEDORA-2021-286375de1e","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/"},{"name":"FEDORA-2021-05152dbcf5","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20210625-0007/"}],"solutions":[{"lang":"en","value":"Apply the following patch:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d"}],"source":{"discovery":"EXTERNAL"},"title":"Linux kernel llcp_sock_bind/connect use-after-free","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@paloaltonetworks.com","DATE_PUBLIC":"2021-05-11T11:14:00.000Z","ID":"CVE-2021-23134","STATE":"PUBLIC","TITLE":"Linux kernel llcp_sock_bind/connect use-after-free"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Linux Kernel","version":{"version_data":[{"version_affected":"<","version_value":"5.12.4"}]}}]},"vendor_name":"Linux Kernel"}]}},"credit":[{"lang":"eng","value":"Nadav Markus from Palo Alto Networks"},{"lang":"eng","value":"Or Cohen from Palo Alto Networks"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416 Use After Free"}]}]},"references":{"reference_data":[{"name":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d","refsource":"MISC","url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d"},{"name":"https://www.openwall.com/lists/oss-security/2021/05/11/4","refsource":"MISC","url":"https://www.openwall.com/lists/oss-security/2021/05/11/4"},{"name":"FEDORA-2021-286375de1e","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/"},{"name":"FEDORA-2021-05152dbcf5","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","refsource":"MLIST","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"},{"name":"https://security.netapp.com/advisory/ntap-20210625-0007/","refsource":"CONFIRM","url":"https://security.netapp.com/advisory/ntap-20210625-0007/"}]},"solution":[{"lang":"en","value":"Apply the following patch:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d"}],"source":{"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T18:58:26.357Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c61760e6940d"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2021/05/11/4"},{"name":"FEDORA-2021-286375de1e","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZYORWNQIHNWRFYRDXBWYWBYM46PDZEN/"},{"name":"FEDORA-2021-05152dbcf5","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QALNQT4LJFVSSA3MWCIECVY4AFPP4X77/"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"name":"[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20210625-0007/"}]}]},"cveMetadata":{"assignerOrgId":"d6c1279f-00f6-4ef7-9217-f89ffe703ec0","assignerShortName":"palo_alto","cveId":"CVE-2021-23134","datePublished":"2021-05-12T22:45:13.253Z","dateReserved":"2021-01-06T00:00:00.000Z","dateUpdated":"2024-09-17T03:38:10.572Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}