CVE-2021-23134

NameCVE-2021-23134
DescriptionUse After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2689-1, DLA-2690-1, ELA-458-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2fixed
stretch (lts), stretch4.9.320-3fixed
buster4.19.249-2fixed
buster (security)4.19.304-1fixed
bullseye5.10.209-2fixed
bullseye (security)5.10.216-1fixed
bookworm6.1.76-1fixed
bookworm (security)6.1.90-1fixed
trixie6.7.12-1fixed
sid6.8.9-1fixed
linux-4.19 (PTS)stretch (security)4.19.232-1~deb9u1fixed
stretch (lts), stretch4.19.304-1~deb9u1fixed
linux-4.9 (PTS)jessie, jessie (lts)4.9.303-1~deb8u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcejessie(unfixed)end-of-life
linuxsourcestretch4.9.272-1DLA-2689-1
linuxsourcebuster4.19.194-1
linuxsource(unstable)5.10.38-1
linux-4.19sourcestretch4.19.194-1~deb9u1DLA-2690-1
linux-4.9sourcejessie4.9.272-1~deb8u2ELA-458-1

Notes

https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6
https://www.openwall.com/lists/oss-security/2021/05/11/4

Search for package or bug name: Reporting problems