CVE-2021-32399 – A race condition in the Linux kernel's Bluetoot... (How to Fix)

Q: What is the severity of CVE-2021-32399?

CVE-2021-32399 has a CVSS score of 7.0 (HIGH). A race condition in the Linux kernel's Bluetooth HCI controller removal allows local attackers to cause a use-after-free condition. This can lead to system crashes or potential privilege escalation. Affects Linux systems with Bluetooth enabled running kernel versions through 5.12.2.

📋 TL;DR

A race condition in the Linux kernel's Bluetooth HCI controller removal allows local attackers to cause a use-after-free condition. This can lead to system crashes or potential privilege escalation. Affects Linux systems with Bluetooth enabled running kernel versions through 5.12.2.

💻 Affected Systems

Products:

Linux kernel

Versions: All versions through 5.12.2

Operating Systems: Linux distributions using affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Bluetooth hardware/drivers enabled. Virtual machines without Bluetooth hardware may not be vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Solidfire Baseboard Management Controller Firmware by Netapp

View all CVEs affecting Solidfire Baseboard Management Controller Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, system crash leading to denial of service, or kernel memory corruption.

🟠

Likely Case

System crash or kernel panic causing denial of service, requiring reboot.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or system is patched; isolated to local access only.

🌐 Internet-Facing: LOW - Requires local access to exploit, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers on multi-user systems or compromised accounts could exploit this.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH - Requires precise timing and local access.

Race conditions are difficult to exploit reliably. No public exploit code identified in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.12.3 and later, or backported patches for older kernels

Vendor Advisory: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.12.3 or later. 2. For distributions with backports, apply security updates via package manager (apt-get update && apt-get upgrade for Debian/Ubuntu, yum update for RHEL/CentOS). 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Disable Bluetooth kernel module to prevent exploitation

sudo systemctl stop bluetooth
sudo modprobe -r btusb
sudo modprobe -r bluetooth

🧯 If You Can't Patch

Disable Bluetooth hardware/drivers if not needed
Restrict local user access to systems with Bluetooth enabled

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r'. If version is 5.12.2 or earlier, system may be vulnerable if Bluetooth is enabled.

Check Version:

uname -r

Verify Fix Applied:

After patching, verify kernel version is 5.12.3 or later with 'uname -r' and check that Bluetooth functions normally if needed.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Bluetooth subsystem crash messages in dmesg
System crash/reboot events

Network Indicators:

None - local exploit only

SIEM Query:

Search for kernel panic events or Bluetooth driver crashes in system logs

📊 Metadata

CVE ID: CVE-2021-32399

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-362

Published: May 10, 2021

Last Updated: November 21, 2024

🔗 References

http://www.openwall.com/lists/oss-security/2021/05/11/2 Exploit,Mailing List,Patch,Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 Mailing List,Patch,Vendor Advisory
https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 Patch,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20210622-0006/ Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/11/2 Exploit,Mailing List,Patch,Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 Mailing List,Patch,Vendor Advisory
https://github.com/torvalds/linux/commit/e2cb6b891ad2b8caa9131e3be70f45243df82a80 Patch,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20210622-0006/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-32399, you might also want to check these: