Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-47068 |
CWE-ID | CWE-416 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software | Linux kernel (Operating systems & Components / Operating system) |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90245
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47068
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/26157c82ba756767b2bd66d28a71b1bc454447f6
http://git.kernel.org/stable/c/ccddad6dd28530e716448e594c9ca7c76ccd0570
http://git.kernel.org/stable/c/18ae4a192a4496e48a5490b52812645d2413307c
http://git.kernel.org/stable/c/48fba458fe54cc2a980a05c13e6c19b8b2cfb610
http://git.kernel.org/stable/c/e32352070bcac22be6ed8ab635debc280bb65b8c
http://git.kernel.org/stable/c/6b7021ed36dabf29e56842e3408781cd3b82ef6e
http://git.kernel.org/stable/c/374cdde4dcc9c909a60713abdbbf96d5e3e09f91
http://git.kernel.org/stable/c/18175fe17ae043a0b81e5d511f8817825784c299
http://git.kernel.org/stable/c/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.