Linux Kernel CMTP Module Double Free Privilege Escalation Vulnerability
CVE-2021-34981
7.5 HIGH
Summary
A local privilege escalation vulnerability exists in the Bluetooth CMTP module of the Linux kernel. The flaw arises because the module does not adequately validate that an object exists before performing free operations on it, which results in a double free. An attacker who can already execute high-privileged code on the compromised system can exploit this vulnerability to escalate privileges and execute malicious code in the context of the kernel. This flaw emphasizes the need for robust input validation and security practices to mitigate potential exploitation.
Affected Version(s)
Kernel 4.15.0-118-generic
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database