CVE-2021-3752

Q: What is the severity of CVE-2021-3752?

CVE-2021-3752 has a CVSS score of 7.1 (HIGH). A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges through a race condition when connecting and disconnecting simultaneously. This affects Linux systems with Bluetooth enabled. The vulnerability impacts confidentiality, integrity, and availability.

7.1 HIGH

Denial of Service

📋 TL;DR

A use-after-free vulnerability in the Linux kernel's Bluetooth subsystem allows local attackers to crash the system or potentially escalate privileges through a race condition when connecting and disconnecting simultaneously. This affects Linux systems with Bluetooth enabled. The vulnerability impacts confidentiality, integrity, and availability.

💻 Affected Systems

Products:

Linux kernel

Versions: Specific affected versions vary by distribution, but generally Linux kernel versions before fixes in late 2021/early 2022

Operating Systems: Linux distributions including Red Hat, Debian, Ubuntu, CentOS, and others

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Bluetooth functionality enabled and accessible to local users.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Virtualization Host by Redhat

View all CVEs affecting Virtualization Host →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, system crash leading to denial of service, or potential kernel memory corruption allowing arbitrary code execution.

🟠

Likely Case

System crash or kernel panic causing denial of service, with potential for privilege escalation in targeted attacks.

🟢

If Mitigated

Minimal impact if Bluetooth is disabled or systems are properly patched and isolated.

🌐 Internet-Facing: LOW - Requires local access to the system, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to gain elevated privileges or cause system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and race condition triggering, making exploitation somewhat complex but feasible for skilled attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by distribution - check specific vendor advisories for patched kernel versions

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=1999544

Restart Required: Yes

Instructions:

1. Update Linux kernel using your distribution's package manager. 2. For Red Hat/CentOS: 'yum update kernel'. 3. For Debian/Ubuntu: 'apt update && apt upgrade linux-image-*'. 4. Reboot system after update.

🔧 Temporary Workarounds

Disable Bluetooth

linux

Disable Bluetooth functionality to prevent exploitation

systemctl stop bluetooth
systemctl disable bluetooth
rfkill block bluetooth

Restrict Bluetooth access

linux

Limit Bluetooth socket access to trusted users only

chmod 600 /var/run/bluetooth/*
setfacl -m u:trusteduser:rw /var/run/bluetooth/*

🧯 If You Can't Patch

Disable Bluetooth functionality completely on affected systems
Implement strict access controls to limit local user privileges and Bluetooth access

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare against vendor patched versions: 'uname -r' and consult distribution security advisories

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version after update matches patched version: 'uname -r' and check that Bluetooth service is either disabled or updated

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Bluetooth subsystem crash messages in dmesg
Unexpected privilege escalation events

Network Indicators:

None - local exploitation only

SIEM Query:

source="kernel" AND ("panic" OR "Oops" OR "use-after-free") AND "bluetooth"

📊 Metadata

CVE ID: CVE-2021-3752

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: February 16, 2022

Last Updated: November 21, 2024

🔗 References

https://bugzilla.redhat.com/show_bug.cgi?id=1999544 Issue Tracking,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org/
https://security.netapp.com/advisory/ntap-20220318-0009/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/09/15/4 Exploit,Mailing List,Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch,Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1999544 Issue Tracking,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00011.html Mailing List,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://lore.kernel.org/lkml/20211115165435.133245729%40linuxfoundation.org/
https://security.netapp.com/advisory/ntap-20220318-0009/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/09/15/4 Exploit,Mailing List,Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html Patch,Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

3scale by Redhat

Communications Cloud Native Core Binding Support Function by Oracle

Communications Cloud Native Core Network Exposure Function by Oracle

Communications Cloud Native Core Policy by Oracle

Debian Linux by Debian

Debian Linux by Debian

Enterprise Linux by Redhat

Enterprise Linux by Redhat

Enterprise Linux For Real Time by Redhat

Enterprise Linux For Real Time For Nfv by Redhat

Fedora by Fedoraproject

H300e Firmware by Netapp

H300s Firmware by Netapp

H410c Firmware by Netapp

H410s Firmware by Netapp

H500e Firmware by Netapp

H500s Firmware by Netapp

H700e Firmware by Netapp

H700s Firmware by Netapp

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Virtualization Host by Redhat

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable Bluetooth

Restrict Bluetooth access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities