CVE-2021-3609

CWE-362 — Race Condition27 documents8 sources

Severity

7.0HIGH

EPSS

0.1%

top 81.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Redhat 3scale API Management Redhat Build OF Quarkus +18 more

Timeline

PublishedMar 3

Latest updateJul 13

Description

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages39 packages

▶NVDlinux/linux_kernel2.6.25 — 4.4.276+7

▶Debianlinux< 5.10.46-1+3

▶Ubuntulinux< 4.15.0-147.151+3

▶Ubuntulinux-aws< 4.15.0-1106.113+2

▶Ubuntulinux-gcp< 5.4.0-1046.49+2

Also affects: Enterprise Linux 8.2, 8.1, 8.4, 8.0, Openshift Container Platform 4.6, 4.7, 4.8

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

linux-aws vulnerabilities↗2022-07-13

▶

OSV

linux-lts-xenial, linux-kvm vulnerabilities↗2022-07-07

▶

GHSA

GHSA-rv9w-mxpp-hwhj↗2022-03-04

▶

OSV

CVE-2021-3609↗2022-03-03

▶

CVEList

CVE-2021-3609↗2022-03-03

▶

📋Vendor Advisories

Ubuntu

Linux kernel (AWS) vulnerabilities↗2022-07-13

▶

Ubuntu

Linux kernel vulnerabilities↗2022-07-07

▶

Microsoft

.A flaw was found in the CAN BCM networking protocol in the Linux kernel where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory crash the system or escalate privileges. This ra↗2022-03-08

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-09-16

▶

Ubuntu

Kernel Live Patch Security Notice↗2021-07-19

▶