CVE-2021-3752
moderate-risk
Published 2022-02-16
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
ADJACENT_NETWORK
/ HIGH complexity
Affected Products (20)
3Scale
References (16)
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1999544
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0009/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1999544
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0009/
Third Party Advisory
https://www.debian.org/security/2022/dsa-5096
38
/ 100
moderate-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
20/34 · Moderate