CVE-2021-3564

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2021-3564 is a significant vulnerability identified in the Linux kernel, specifically within the Bluetooth subsystem and the joystick device interface. The flaw, which lies in the software design and implementation, was discovered to not properly handle HCI (Host Controller Interface) device detach events. This failure leads to a use-after-free vulnerability, a type of issue that can allow unauthorized users to execute arbitrary code or even cause a system crash. The vulnerability was uncovered by Murray McAllister, who also found that the joystick device interface within the Linux kernel did not correctly validate data passed via an ioctl() function. Improper validation of such data can potentially lead to privilege escalation, data corruption, or denial of service attacks, thereby posing a considerable security risk to systems running the affected versions of the Linux kernel. In summary, CVE-2021-3564 represents a substantial security threat due to its impact on the Bluetooth subsystem and the joystick device interface within the Linux kernel. Both the use-after-free vulnerability and improper data validation issues could lead to serious consequences, including unauthorized access, data loss, or system downtime. It's critical for organizations using affected Linux distributions to apply patches or mitigations as soon as they are available to prevent potential exploitation.
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Vulnerability
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2021-3587Unspecified
1
None
CVE-2021-45485Unspecified
1
None
Source Document References
Information about the CVE-2021-3564 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
5 months ago
USN-5299-1 | Security
CERT-EU
5 months ago
USN-5044-1 | Security
CERT-EU
5 months ago
USN-5343-1 | Security