CVE-2021-23134

NameCVE-2021-23134
DescriptionUse After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1vulnerable
stretch (security)4.9.258-1vulnerable
buster4.19.194-1fixed
buster (security)4.19.171-2vulnerable
bullseye, sid5.10.40-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebuster4.19.194-1
linuxsource(unstable)5.10.38-1

Notes

https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
https://www.openwall.com/lists/oss-security/2021/05/11/4

Search for package or bug name: Reporting problems