CVE-2021-28972 is a multifaceted vulnerability found within the Linux kernel, characterized by flaws in software design and implementation. The vulnerability manifests in three distinct areas: the netfilter subsystem, the Bluetooth HCI driver, and the Qualcomm IPC router implementation.
The first issue was discovered in the netfilter subsystem of the Linux kernel where a race condition existed when replacing tables. This could potentially allow an attacker to exploit this condition to cause a denial of service (DoS) or possibly execute arbitrary code. The second problem arose in the Bluetooth HCI driver of the Linux kernel, where a use-after-free vulnerability was identified. This could potentially lead to memory corruption, causing system crashes or possibly allowing an attacker to take control of the affected system.
The third and final part of CVE-2021-28972 involved the Qualcomm IPC router implementation in the Linux kernel, which did not properly initialize memory passed to user space. This could allow local users to gain access to sensitive information from kernel memory or even introduce malicious code. In conclusion, CVE-2021-28972 represents a serious threat to systems running the affected versions of the Linux kernel, necessitating immediate patching and mitigation measures.