Use-After-Free Vulnerability in Linux Kernel's Bluetooth Subsystem Allows Privilege Escalation and System Crash

CVE-2021-3752 · HIGH Severity

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem. It is caused by a race condition that occurs when a user calls connect on a socket and disconnects it at the same time. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality and integrity, as well as system availability.
