CVE-2021-23134

Linux kernel llcp_sock_bind/connect use-after-free

Published: 5/12/2021 Last updated: 9/17/2024 Reserved: 1/6/2021

Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.

CNA assigner: palo_alto (d6c1279f-00f6-4ef7-9217-f89ffe703ec0) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	7.8	High	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (1)

Product	Vendor	Version
Linux Kernel	Linux Kernel	n/a

References (14)

Credits (2)

Nadav Markus from Palo Alto Networks
Or Cohen from Palo Alto Networks