{"containers":{"cna":{"affected":[{"product":"kernel","vendor":"n/a","versions":[{"status":"affected","version":"Affects kernel v5.15.3 and prior, Fixed in v5.16-rc1 and above."}]}],"descriptions":[{"lang":"en","value":"A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-362","description":"CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), CWE-416 - Use After Free.","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-04-19T18:06:25.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_MISC"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980646"},{"tags":["x_refsource_MISC"],"url":"https://ubuntu.com/security/CVE-2021-3640"},{"tags":["x_refsource_MISC"],"url":"https://www.openwall.com/lists/oss-security/2021/07/22/1"},{"tags":["x_refsource_MISC"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"},{"tags":["x_refsource_MISC"],"url":"https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"},{"name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"},{"name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"name":"DSA-5096","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2022/dsa-5096"},{"tags":["x_refsource_CONFIRM"],"url":"https://security.netapp.com/advisory/ntap-20220419-0003/"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T17:01:07.744Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980646"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ubuntu.com/security/CVE-2021-3640"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.openwall.com/lists/oss-security/2021/07/22/1"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/bluetooth/sco.c?h=v5.16&id=99c23da0eed4fd20cae8243f2b51e10e66aa0951"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://github.com/torvalds/linux/commit/99c23da0eed4fd20cae8243f2b51e10e66aa0951"},{"name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2940-1] linux security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html"},{"name":"[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html"},{"name":"DSA-5096","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5096"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://security.netapp.com/advisory/ntap-20220419-0003/"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2021-3640","datePublished":"2022-03-03T22:04:15.000Z","dateReserved":"2021-07-09T00:00:00.000Z","dateUpdated":"2024-08-03T17:01:07.744Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}