VDB
CVE-2021-23134
CVE-2021-23134
PUBLISHED
Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability.
EPSS 0.02% · 5.2th percentile
Risk Scores
EPSS Score
0.02%
5.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | linux-bluefield | 5.4.0-1012.15, 5.4.0-1007.10, 0 |
| Ubuntu:24.04:LTS | linux-raspi-realtime | 6.8.0-2019.20, 0 |
| Ubuntu:Pro:14.04:LTS | linux-azure | 0, 4.15.0-1092.102~14.04.1, 4.15.0-1091.101~14.04.1 |
| Ubuntu:18.04:LTS | linux-oem | 4.15.0-1056.65, 4.15.0-1102.113, 4.15.0-1094.104 |
| Ubuntu:Pro:16.04:LTS | linux-gcp | *, 4.15.0-1044.46, 4.15.0-1046.49 |
| Ubuntu:18.04:LTS | linux-gcp-4.15 | 4.15.0-1086.98, 4.15.0-1080.90, 4.15.0-1090.103 |
| Ubuntu:Pro:16.04:LTS | linux-aws-hwe | 4.15.0-1074.78~16.04.1, 4.15.0-1080.84~16.04.1, 4.15.0-1082.86~16.04.1 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.10.0-22.24~16.04.1, *, * |
| Ubuntu:18.04:LTS | linux-hwe | 4.18.0-15.16~18.04.1, 5.3.0-73.69, 5.3.0-65.59 |
| Ubuntu:18.04:LTS | linux-gcp-edge | 0, 4.18.0-1004.5~18.04.1, 4.18.0-1005.6~18.04.1 |
| Ubuntu:20.04:LTS | linux-riscv-5.8 | 5.8.0-22.24~20.04.1, 5.8.0-16.18~20.04.1, 5.8.0-17.19~20.04.1 |
| Ubuntu:18.04:LTS | linux-azure-4.15 | 4.15.0-1096.106, 0, 4.15.0-1082.92 |
| Ubuntu:18.04:LTS | linux-azure-5.4 | 5.4.0-1034.35~18.04.1, 5.4.0-1041.43~18.04.1, 5.4.0-1043.45~18.04.1 |
| Ubuntu:20.04:LTS | linux-hwe-5.8 | *, 0, * |
| Ubuntu:18.04:LTS | linux-oracle-5.3 | 5.3.0-1016.18~18.04.1, 0, 5.3.0-1011.12~18.04.1 |
| Ubuntu:18.04:LTS | linux | 4.15.0-143.147, 4.15.0-142.146, 4.15.0-139.143 |
| Ubuntu:18.04:LTS | linux-gke-5.4 | 5.4.0-1044.46~18.04.1, 5.4.0-1037.39~18.04.1, 5.4.0-1036.38~18.04.1 |
| Ubuntu:20.04:LTS | linux-oem-5.10 | 5.10.0-1023.24, 5.10.0-1021.22, 5.10.0-1008.9 |
| Ubuntu:20.04:LTS | linux | 5.4.0-18.22, 5.4.0-21.25, 5.4.0-39.43 |
| Ubuntu:20.04:LTS | linux-azure | 5.4.0-1019.19, 5.3.0-1003.3, 5.4.0-1016.16 |
…and 44 more
Timeline
- May 11, 2021 CVE Published
- May 13, 2021 EPSS Score
- Jul 16, 2021 EPSS Score
- Sep 15, 2021 EPSS Score
- Nov 16, 2021 EPSS Score
- Jan 17, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 20, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 22, 2022 EPSS Score
- Sep 22, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-23134 third-party-advisory
- https://git.kernel.org/linus/c61760e6940dd4039a7f5e84a6afc9cdbf4d82b6 third-party-advisory
- https://ubuntu.com/security/notices/USN-4997-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5000-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5001-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5018-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5016-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-5000-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-4997-2 vendor-advisory
- https://ubuntu.com/security/notices/USN-5343-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-23134 third-party-advisory