CVE-2021-3609: .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash…

high7CVSS 3.1

AVLACHPRLUINSUCHIHAH

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Affected

58 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	linux	< linux 5.10.46-1 (bookworm)	linux 5.10.46-1 (bookworm)
linux	linux_kernel	—	—
linux	linux_kernel	>= 0 < 5.10.46-1	5.10.46-1
linux	linux_kernel	>= 0 < 5.10.46-1	5.10.46-1
linux	linux_kernel	>= 0 < 5.10.46-1	5.10.46-1
linux	linux_kernel	>= 0 < 5.10.46-1	5.10.46-1
linux	linux_kernel	>= 0 < 4.15.0-147.151	4.15.0-147.151
linux	linux_kernel	>= 0 < 5.4.0-77.86	5.4.0-77.86
linux	linux_kernel	>= 0 < 4.15.0-147.151	4.15.0-147.151
linux	linux_kernel	>= 0 < 5.4.0-77.86	5.4.0-77.86
linux	linux_kernel	>= 2.6.25 < 4.4.276	4.4.276
linux	linux_kernel	>= 4.10 < 4.14.240	4.14.240
linux	linux_kernel	>= 4.15 < 4.19.198	4.19.198
linux	linux_kernel	>= 4.20 < 5.4.132	5.4.132
linux	linux_kernel	>= 4.5 < 4.9.276	4.9.276
linux	linux_kernel	>= 5.11 < 5.12.17	5.12.17
linux	linux_kernel	>= 5.13 < 5.13.2	5.13.2
linux	linux_kernel	>= 5.5.0 < 5.10.50	5.10.50
msrc	cm1_kernel_5.10.102.1-1_on_cbl_mariner_1.0	—	—
paloalto	pan-os	—	—
redhat	3scale_api_management	—	—
redhat	build_of_quarkus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—
redhat	codeready_linux_builder_eus	—	—

CVSS provenance

nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.0HIGH