CVE-2021-3760

Q: What is the severity of CVE-2021-3760?

CVE-2021-3760 has a CVSS score of 7.8 (HIGH). CVE-2021-3760 is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem. This flaw allows local attackers to potentially execute arbitrary code, escalate privileges, or crash the system by exploiting improper memory handling. It affects Linux systems with NFC hardware or drivers enabled.

7.8 HIGH

📋 TL;DR

CVE-2021-3760 is a use-after-free vulnerability in the Linux kernel's NFC (Near Field Communication) subsystem. This flaw allows local attackers to potentially execute arbitrary code, escalate privileges, or crash the system by exploiting improper memory handling. It affects Linux systems with NFC hardware or drivers enabled.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before 5.14-rc1

Operating Systems: Linux distributions using vulnerable kernel versions

Default Config Vulnerable: ✅ No

Notes: Only vulnerable if NFC subsystem is enabled/loaded. Many servers don't have NFC hardware.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

Linux Kernel by Linux

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation to root, complete system compromise, or kernel panic causing denial of service.

🟠

Likely Case

Local privilege escalation allowing attackers to gain root access on affected systems.

🟢

If Mitigated

Limited impact if NFC functionality is disabled or systems are properly segmented.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly exploitable over network.

🏢 Internal Only: MEDIUM - Local attackers or compromised accounts could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of kernel exploitation techniques. Proof-of-concept code exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.14-rc1 and later

Vendor Advisory: https://bugzilla.redhat.com/show_bug.cgi?id=2000585

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.14-rc1 or later. 2. For distributions: Apply vendor patches (e.g., 'yum update kernel' for RHEL, 'apt update && apt upgrade' for Debian). 3. Reboot system after kernel update.

🔧 Temporary Workarounds

Disable NFC subsystem

linux

Remove or blacklist NFC kernel modules to prevent exploitation

modprobe -r nfc
echo 'blacklist nfc' >> /etc/modprobe.d/blacklist-nfc.conf

🧯 If You Can't Patch

Disable NFC functionality if not required
Implement strict access controls to limit local user privileges

🔍 How to Verify

Check if Vulnerable:

Check kernel version: 'uname -r' and compare with affected versions. Check if NFC modules are loaded: 'lsmod | grep nfc'

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.14-rc1 or later: 'uname -r'. Check for applied patches via distribution-specific commands.

📡 Detection & Monitoring

Log Indicators:

Kernel oops messages related to NFC
Unexpected kernel module loading/unloading
Privilege escalation attempts

Network Indicators:

N/A - local exploitation only

SIEM Query:

source="kernel" AND ("nfc" OR "use-after-free")

📊 Metadata

CVE ID: CVE-2021-3760

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: February 16, 2022

Last Updated: November 21, 2024

🔗 References

https://bugzilla.redhat.com/show_bug.cgi?id=2000585 Issue Tracking,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0007/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2000585 Issue Tracking,Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html Mailing List,Third Party Advisory
https://security.netapp.com/advisory/ntap-20220318-0007/ Third Party Advisory
https://www.debian.org/security/2022/dsa-5096 Third Party Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Fedora by Fedoraproject

H300e Firmware by Netapp

H300s Firmware by Netapp

H410c Firmware by Netapp

H410s Firmware by Netapp

H500e Firmware by Netapp

H500s Firmware by Netapp

H700e Firmware by Netapp

H700s Firmware by Netapp

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

Linux Kernel by Linux

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable NFC subsystem

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities