Unrated severityNVD Advisory· Published Nov 12, 2021· Updated Nov 4, 2025
Memory leak in BlueZ
CVE-2021-41229
Description
BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdp_cstate_alloc_buf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object, which can be caused by an attacker continuously sending sdp packets and this may cause the service of the target device to crash.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28- osv-coords26 versionspkg:rpm/almalinux/bluezpkg:rpm/almalinux/bluez-cupspkg:rpm/almalinux/bluez-hid2hcipkg:rpm/almalinux/bluez-libspkg:rpm/almalinux/bluez-libs-develpkg:rpm/almalinux/bluez-obexdpkg:rpm/opensuse/bluez&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/bluez&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/bluez&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/bluez&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP4pkg:rpm/suse/bluez&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/bluez&distro=SUSE%20Manager%20Server%204.2
< 5.56-3.el8+ 25 more
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.56-3.el8
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.48-150000.5.54.1
- (no CPE)range: < 5.48-150200.13.30.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.13-5.42.2
- (no CPE)range: < 5.48-150000.5.54.1
- (no CPE)range: < 5.48-150200.13.30.1
- (no CPE)range: < 5.13-5.42.2
- (no CPE)range: < 5.48-150000.5.54.1
- (no CPE)range: < 5.48-150200.13.30.1
- (no CPE)range: < 5.13-5.42.2
- (no CPE)range: < 5.13-5.42.2
- (no CPE)range: < 5.62-150400.4.16.1
- (no CPE)range: < 5.55-150300.3.25.1
- (no CPE)range: < 5.55-150300.3.25.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.