CVE-2021-4202

Published Mar 25, 2022

Last updated a year ago

CVSS high 7.0

Overview

Description: A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-362
secalert@redhat.com: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0203844-754E-40C9-AFB3-678A9A9D2490",
            "versionEndExcluding": "4.4.294",
            "versionStartIncluding": "3.2"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB7F6C04-42D3-48A3-892D-2487383B9B6E",
            "versionEndExcluding": "4.9.292",
            "versionStartIncluding": "4.5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7080D941-9847-42F5-BA50-0A03CFB61FD1",
            "versionEndExcluding": "4.14.257",
            "versionStartIncluding": "4.10"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9EF0575-6BF6-4AD9-B9A0-5C8D7D71710C",
            "versionEndExcluding": "4.19.219",
            "versionStartIncluding": "4.15"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E8F086-C9B9-4987-8B2E-B4A16D1DA7BA",
            "versionEndExcluding": "5.4.163",
            "versionStartIncluding": "4.20"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E93DC61F-3F49-4D65-B0DE-4B46B8990120",
            "versionEndExcluding": "5.10.82",
            "versionStartIncluding": "5.5.0"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F",
            "versionEndExcluding": "5.15.5",
            "versionStartIncluding": "5.11"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References