Vulnerability CVE-2021-3609


Published: 2022-03-03

Description:
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Type:

CWE-362

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux for real time for nfv tus 
Redhat -> Enterprise linux for real time tus 
Redhat -> 3scale api management 
Redhat -> Enterprise linux server aus 
Redhat -> Build of quarkus 
Redhat -> Enterprise linux server for power little endian update services for sap solutions 
Redhat -> Openshift container platform 
Redhat -> Enterprise linux server tus 
Redhat -> Virtualization 
Redhat -> Enterprise linux server update services for sap solutions 
Redhat -> Virtualization host 
Redhat -> Codeready linux builder eus 
Redhat -> Codeready linux builder for power little endian eus 
Redhat -> Enterprise linux aus 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux for ibm z systems eus s390x 
Redhat -> Enterprise linux for power little endian eus 
Redhat -> Enterprise linux for real time 
Redhat -> Enterprise linux for real time for nfv 
Linux -> Linux kernel 

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1971651
https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
https://www.openwall.com/lists/oss-security/2021/06/19/1

Copyright 2022, cxsecurity.com

 

Back to Top