Use-after-free vulnerability in Linux kernel before 5.12.4 allows arbitrary value writing in net/bluetooth/hci_event.c (CID-5c4c8c954409)

Use-after-free vulnerability in Linux kernel before 5.12.4 allows arbitrary value writing in net/bluetooth/hci_event.c (CID-5c4c8c954409)

CVE-2021-33034 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.