{"id":"CVE-2021-33034","details":"In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.","aliases":["A-194694600","PUB-A-194694600"],"modified":"2026-04-16T04:39:29.350899351Z","published":"2021-05-14T23:15:09.813Z","related":["ALSA-2021:2570","SUSE-SU-2021:1887-1","SUSE-SU-2021:1888-1","SUSE-SU-2021:1889-1","SUSE-SU-2021:1890-1","SUSE-SU-2021:1891-1","SUSE-SU-2021:1899-1","SUSE-SU-2021:1912-1","SUSE-SU-2021:1913-1","SUSE-SU-2021:1975-1","SUSE-SU-2021:1977-1","SUSE-SU-2021:2020-1","SUSE-SU-2021:2025-1","SUSE-SU-2021:2026-1","SUSE-SU-2021:2027-1","SUSE-SU-2021:2042-1","SUSE-SU-2021:2057-1","SUSE-SU-2021:2060-1","SUSE-SU-2021:2067-1","SUSE-SU-2021:2198-1","SUSE-SU-2021:2208-1","SUSE-SU-2021:2406-1","SUSE-SU-2021:2421-1","SUSE-SU-2021:2451-1","SUSE-SU-2021:2577-1","openSUSE-SU-2021:0843-1","openSUSE-SU-2021:0947-1","openSUSE-SU-2021:1975-1","openSUSE-SU-2021:1977-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html"},{"type":"FIX","url":"https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.4"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3"},{"type":"EVIDENCE","url":"https://sites.google.com/view/syzscope/kasan-use-after-free-read-in-hci_send_acl"},{"type":"EVIDENCE","url":"https://syzkaller.appspot.com/bug?id=2e1943a94647f7732dd6fc60368642d6e8dc91b1"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.12.4"}]},{"events":[{"introduced":"0"},{"last_affected":"34"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33034.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}