CVE-2021-28972

Vulnerability Profile Updated a month ago
CVE-2021-28972 is a multifaceted vulnerability found within the Linux kernel, characterized by flaws in software design and implementation. The vulnerability manifests in three distinct areas: the netfilter subsystem, the Bluetooth HCI driver, and the Qualcomm IPC router implementation. The first issue was discovered in the netfilter subsystem of the Linux kernel where a race condition existed when replacing tables. This could potentially allow an attacker to exploit this condition to cause a denial of service (DoS) or possibly execute arbitrary code. The second problem arose in the Bluetooth HCI driver of the Linux kernel, where a use-after-free vulnerability was identified. This could potentially lead to memory corruption, causing system crashes or possibly allowing an attacker to take control of the affected system. The third and final part of CVE-2021-28972 involved the Qualcomm IPC router implementation in the Linux kernel, which did not properly initialize memory passed to user space. This could allow local users to gain access to sensitive information from kernel memory or even introduce malicious code. In conclusion, CVE-2021-28972 represents a serious threat to systems running the affected versions of the Linux kernel, necessitating immediate patching and mitigation measures.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| CVE-2021-3483 | Unspecified | 1 | CVE-2021-3483 is a significant vulnerability identified in the Linux kernel, specifically within two of its modules: the f2fs module and the bluetooth subsystem. This flaw is essentially a software design or implementation error that exposes the system to potential security breaches. The first issue |
| CVE-2021-45485 | Unspecified | 1 | None |
Source Document References
Information about the CVE-2021-28972 vulnerability was read from the documents corpus below.
| Source | Created At | Title |
|---|---|---|
| CERT-EU | 5 months ago | USN-5299-1 \| Security |
| CERT-EU | 5 months ago | USN-4979-1 \| Security |
| CERT-EU | 5 months ago | USN-5343-1 \| Security |