CVE-2021-32606 — Use After Free in Kernel

CWE-416 — Use After Free5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 85.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Fedoraproject Fedora Debian Linux

Timeline

PublishedMay 11

Latest updateMay 24

Description

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDlinux/linux_kernel5.11 — 5.12.9

▶debiandebian/linux

Also affects: Fedora 32, 33, 34

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-pp6w-hmm3-7p57: In the Linux kernel 5↗2022-05-24

▶

OSV

CVE-2021-32606: In the Linux kernel 5↗2021-05-11

▶

📋Vendor Advisories

Red Hat

kernel: isotp_setsockopt in net/can/isotp.c allows privilege escalation via use-after-free↗2021-05-12

▶

Debian

CVE-2021-32606: linux - In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c all...↗2021

▶