CVE-2021-3640

7.0 HIGH

📋 TL;DR

This CVE is a use-after-free in the Linux kernel's Bluetooth HCI subsystem, in the SCO socket code: sco_conn_del() can free a connection while sco_sock_sendmsg() is still using it. A local user who wins that race can crash the kernel or potentially escalate privileges. Only hosts with the Bluetooth stack present (loaded as a module or built in) and local user access are affected.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Upstream kernels before 5.16-rc1, i.e. without commit 99c23da0eed4fd20cae8243f2b51e10e66aa0951. Stable and distribution kernels remain affected until they carry a backport of that commit; vendor kernels keep their MAJOR.MINOR when fixed, so the version number alone does not settle it.
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the Bluetooth subsystem to be loaded (bluetooth.ko) or built in (CONFIG_BT=y). Many servers never load it; desktops, laptops and embedded devices with a controller usually do.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Privilege escalation to root/kernel-level access, allowing complete system compromise.

🟠

Likely Case

Kernel panic leading to system crash/denial of service.

🟢

If Mitigated

No impact if Bluetooth is disabled or attackers lack local access.

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable.
🏢 Internal Only: MEDIUM - Local attackers with initial privileges could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH - the attacker must win a narrow kernel race window (the CVSS vector scores it AC:H) and needs local access.

Exploitation requires local access and a way to widen the race between sco_conn_del() and sco_sock_sendmsg(). The vendor description names the userfaultfd UFFDIO_REGISTER ioctl as one such way: a user buffer that faults on access stalls the copy in sco_sock_sendmsg() long enough for the connection to be torn down underneath it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.16-rc1 and later upstream, or a stable/distribution kernel that backports commit 99c23da0eed4

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1980646

Restart Required: Yes

Instructions:

1. Update to Linux kernel 5.16-rc1 or later, or to a vendor kernel whose changelog or advisory lists the backport of commit 99c23da0eed4.
2. On distributions, apply the vendor kernel update rather than building upstream; the backport is what the distribution security advisory tracks.
3. Reboot. A kernel update takes effect only once the new kernel is running; confirm with uname -r after the reboot.

🔧 Temporary Workarounds

Disable the Bluetooth kernel module

Prevent the Bluetooth stack from loading so the vulnerable SCO socket code, which lives in bluetooth.ko, is unreachable. Caveats: modprobe -r bluetooth fails while rfcomm, bnep, hidp or btusb are still loaded; a running bluetoothd pins the module, so stop it first; and a plain blacklist line only stops alias-based autoloading, whereas an install rule also refuses explicit loads and dependency loads. If the kernel has CONFIG_BT=y the code is built in and no modprobe rule removes it; only a patched kernel helps.

sudo systemctl disable --now bluetooth.service
sudo modprobe -r btusb
sudo modprobe -r bluetooth
printf 'install bluetooth /bin/false\nblacklist bluetooth\n' | sudo tee /etc/modprobe.d/disable-bluetooth.conf
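The one-liners above work on a quiet machine but fail in common cases: dependents still loaded, a daemon holding the module, a kernel with Bluetooth compiled in. The following shell script is an added example, not part of this advisory or of any vendor tooling, that applies the same workaround defensively. It assumes the systemd unit name bluetooth.service and the config path used on this page; the module dependency order in the comments is the usual btusb / btintel / btrtl / btbcm / rfcomm / bnep layout.

```shell
#!/bin/sh
# Added example, not part of the advisory: a defensive form of the
# "disable Bluetooth" workaround. An install rule refuses explicit and
# dependency loads (a bare blacklist only stops alias autoloading),
# dependents are unloaded before the core (a module with live users will
# not unload), and a CONFIG_BT=y kernel is detected, since built-in code
# cannot be removed by any modprobe rule. Assumes the systemd unit name
# bluetooth.service and the config path used elsewhere on this page.
set -eu

CONF=${CONF:-/etc/modprobe.d/disable-bluetooth.conf}

# modprobe.d content written by apply.
modprobe_conf() {
    cat <<'EOF'
# CVE-2021-3640 workaround: refuse to load the Bluetooth core.
# bluetooth.ko carries the SCO socket code. "install" also defeats
# "modprobe bluetooth" and loads pulled in by btusb, rfcomm, bnep or hidp.
install bluetooth /bin/false
blacklist bluetooth
blacklist btusb
EOF
}

# Print the modules that depend on $1, one per line. Reads /proc/modules
# text ("name size refcount user1,user2, Live addr"; "-" when unused) from
# stdin so the parser can be exercised on a captured copy.
module_users() {
    awk -v m="$1" '$1 == m && $4 != "-" { gsub(",", " ", $4); print $4 }' |
        tr -s ' ' '\n' | sed '/^$/d'
}

# True when the kernel config text on stdin has the Bluetooth core built in.
bt_builtin() {
    grep -qx 'CONFIG_BT=y'
}

# Best-effort kernel config: the distro copy in /boot, else /proc/config.gz.
kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    fi
}

# Read-only report; the default action.
status() {
    if kernel_config | bt_builtin; then
        echo "CONFIG_BT=y: Bluetooth is built in; only a patched kernel helps"
    elif [ -r /proc/modules ] && grep -q '^bluetooth ' /proc/modules; then
        echo "bluetooth.ko loaded; users: $(module_users bluetooth </proc/modules | tr '\n' ' ')"
    else
        echo "bluetooth.ko not loaded"
    fi
}

apply() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    if kernel_config | bt_builtin; then
        echo "CONFIG_BT=y: built-in code cannot be unloaded; patch the kernel" >&2
        exit 2
    fi
    # bluetoothd keeps HCI sockets open and so pins the module: stop it first.
    if command -v systemctl >/dev/null 2>&1; then
        systemctl disable --now bluetooth.service 2>/dev/null || true
        systemctl mask bluetooth.service 2>/dev/null || true
    fi
    modprobe_conf > "$CONF"
    # Leaves first: btusb holds btintel/btrtl/btbcm, rfcomm and bnep hold the
    # core. Anything still in use fails to unload, so take a few passes.
    for _pass in 1 2 3; do
        users=$(module_users bluetooth </proc/modules)
        [ -n "$users" ] || break
        for m in $users; do modprobe -r -q "$m" 2>/dev/null || true; done
    done
    if grep -q '^bluetooth ' /proc/modules; then
        modprobe -r bluetooth
    fi
    echo "done; a dry-run load now hits the install rule:"
    modprobe -n -v bluetooth || true
}

case "${1:-status}" in
    status) status ;;
    apply)  apply ;;
    *)      echo "usage: $0 [status|apply]" >&2; exit 64 ;;
esac
```

Run it with no argument for a read-only status line, and as root with apply to enforce the workaround. The final dry run (modprobe -n -v bluetooth) is the proof you want in a change record: it prints the install rule instead of an insmod line.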

🧯 If You Can't Patch

  • Disable Bluetooth functionality completely on critical systems
  • Restrict local user access to prevent potential privilege escalation

🔍 How to Verify

Check if Vulnerable:

Run uname -r. A release older than 5.16 (for example 5.15.0-91-generic) is vulnerable unless the vendor backported commit 99c23da0eed4, and uname -r cannot tell you that: check the distribution security advisory or the kernel package changelog. Exposure also requires the Bluetooth core to be present: lsmod | grep '^bluetooth' shows it as a loaded module, while grep CONFIG_BT= /boot/config-$(uname -r) reveals a built-in core (=y) that lsmod will never list.

Check Version:

uname -r

Verify Fix Applied:

After rebooting into the updated kernel, uname -r must report 5.16 or later, or the vendor release the distribution advisory names as carrying the fix. If you relied on the workaround instead, confirm that lsmod lists no bluetooth module and that modprobe -n -v bluetooth prints the install rule rather than an insmod line.
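Because uname -r says nothing about backports, the following shell script, an added example that is not part of this advisory, turns the check into an explicit verdict: fixed for 5.16 and newer, unexposed when an older kernel has the Bluetooth core neither built in nor loaded, and check-backport when an older kernel has Bluetooth present. The helpers take their input as strings so they can be run against captured uname -r, /proc/modules and kernel config text; the release strings in the comments are illustrative.

```shell
#!/bin/sh
# Added example, not part of the advisory: turn "check uname -r" into an
# explicit verdict. Distribution kernels backport fixes into older
# MAJOR.MINOR trees, so a release below 5.16 does not prove exposure; a
# release at or above 5.16 is the only thing uname -r can prove. The
# helpers take their input as strings so they can be run on captured data.
set -eu

# MAJOR and MINOR of a release string such as "5.15.0-91-generic",
# "5.16.0-rc1" or "6.1.0-18-amd64" (illustrative values).
kver_major() { echo "${1%%.*}"; }
kver_minor() { v=${1#*.}; v=${v%%-*}; echo "${v%%.*}"; }

# True for 5.16 or newer. Every 5.16 rc counts: the fix, commit
# 99c23da0eed4, is in 5.16-rc1, the first 5.16 tag.
upstream_fixed() {
    maj=$(kver_major "$1"); min=$(kver_minor "$1")
    [ "$maj" -gt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -ge 16 ]; }
}

# Bluetooth core present as a loaded module? Reads /proc/modules text.
bt_loaded() { grep -q '^bluetooth '; }

# Bluetooth core compiled in? Reads kernel config text. A built-in core
# never appears in /proc/modules, so this has to be checked as well.
bt_builtin() { grep -qx 'CONFIG_BT=y'; }

# One-line verdict from a release string, /proc/modules text and kernel
# config text.
verdict() {
    rel=$1; mods=$2; cfg=$3
    if upstream_fixed "$rel"; then
        echo "fixed: $rel is 5.16 or newer and carries the upstream fix"
    elif printf '%s\n' "$cfg" | bt_builtin || printf '%s\n' "$mods" | bt_loaded; then
        echo "check-backport: $rel predates 5.16 and Bluetooth is present;" \
             "confirm the vendor kernel carries commit 99c23da0eed4" \
             "(changelog or advisory), otherwise patch or disable Bluetooth"
    else
        echo "unexposed: $rel predates 5.16 but the Bluetooth core is neither" \
             "built in nor loaded; keep it that way until patched"
    fi
}

# Live check of this host.
mods=""; cfg=""
[ -r /proc/modules ] && mods=$(cat /proc/modules)
if [ -r "/boot/config-$(uname -r)" ]; then
    cfg=$(cat "/boot/config-$(uname -r)")
elif [ -r /proc/config.gz ]; then
    cfg=$(zcat /proc/config.gz)
fi
verdict "$(uname -r)" "$mods" "$cfg"
```

The check-backport verdict is deliberately not a "vulnerable" verdict: on a vendor kernel the only authoritative source is the distribution's advisory or the package changelog entry for the backport, and the script says so rather than guessing.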

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic or Oops stack traces in dmesg / journalctl -k whose frames include bluetooth or sco_* symbols (sco_sock_sendmsg is the function named in the vulnerability description)
  • On a KASAN-enabled debug kernel, a "BUG: KASAN: use-after-free" report naming a Bluetooth function; production kernels lack KASAN and surface the bug only as an Oops or panic
  • Unexpected termination or hangs of processes performing Bluetooth socket operations

Network Indicators:

  • None - local exploitation only

SIEM Query (pseudo-syntax; map the source and field names to your platform):

source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND ("bluetooth" OR "sco_")
