← Back to CVEs
CVE-2021-3609
HIGH7.0
Description
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
CVE Details
CVSS v3.1 Score7.0
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published3/3/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
linux:linux_kernelnetapp:h300enetapp:h300e_firmwarenetapp:h300snetapp:h300s_firmwarenetapp:h410cnetapp:h410c_firmwarenetapp:h410snetapp:h410s_firmwarenetapp:h500enetapp:h500e_firmwarenetapp:h500snetapp:h500s_firmwarenetapp:h610cnetapp:h610c_firmwarenetapp:h610snetapp:h610s_firmwarenetapp:h615cnetapp:h615c_firmwarenetapp:h700enetapp:h700e_firmwarenetapp:h700snetapp:h700s_firmwareredhat:3scale_api_managementredhat:build_of_quarkusredhat:codeready_linux_builder_eusredhat:codeready_linux_builder_for_power_little_endian_eusredhat:enterprise_linux_ausredhat:enterprise_linux_eusredhat:enterprise_linux_for_ibm_z_systems_eusredhat:enterprise_linux_for_ibm_z_systems_eus_s390xredhat:enterprise_linux_for_power_little_endian_eusredhat:enterprise_linux_for_real_timeredhat:enterprise_linux_for_real_time_for_nfvredhat:enterprise_linux_for_real_time_for_nfv_tusredhat:enterprise_linux_for_real_time_tusredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsredhat:enterprise_linux_server_tusredhat:enterprise_linux_server_update_services_for_sap_solutionsredhat:openshift_container_platformredhat:virtualizationredhat:virtualization_host
Weaknesses (CWE)
CWE-362CWE-362
References
https://bugzilla.redhat.com/show_bug.cgi?id=1971651(secalert@redhat.com)
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md(secalert@redhat.com)
https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463(secalert@redhat.com)
https://security.netapp.com/advisory/ntap-20220419-0004/(secalert@redhat.com)
https://www.openwall.com/lists/oss-security/2021/06/19/1(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1971651(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220419-0004/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2021/06/19/1(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.