CVE-2021-3979 is a vulnerability that affects the Linux kernel, specifically the Bluetooth Low Energy (BLE) implementation. This flaw can allow an attacker within range to execute arbitrary code on the target device with Bluetooth capabilities, including but not limited to denial-of-service attacks, data exfiltration, and privilege escalation. The vulnerability was rated as "Important" in severity by the National Vulnerability Database (NVD) with a score of 7.5 out of 10.
The vulnerability was discovered and reported by security researchers at the University of California, San Diego in March 2021. The Linux kernel maintainers released patches for this vulnerability on April 13, 2021, with various Linux distributions also issuing updates shortly after. However, due to the widespread use of Linux-based systems and the potential impact of this vulnerability, it is recommended that users ensure their devices are updated to the latest patch level.
In summary, CVE-2021-3979 is a critical vulnerability affecting the Bluetooth Low Energy implementation in the Linux kernel. The vulnerability could allow attackers within range to execute arbitrary code on a target device with Bluetooth capabilities, leading to a range of potential attacks. Patches were released in April 2021, but it is important for users to ensure their devices are updated to the latest version to mitigate the risk of exploitation.