CVE-2021-3609

Advisory lineage Upstream: 0 Downstream: 47

Downstream

DEBIAN-CVE-2021-3609 DLA-2713-1 DLA-2714-1 DSA-4941-1 LSN-0078-1 MGASA-2021-0366

Modified

Published: 03 Mar 2022, 18:24

Last modified:03 Aug 2024, 17:01

Vulnerability Summary

Overall Risk (default)

medium

38/100

CVSS Score

7 HIGH

v3.1 (nvd)

EPSS Score

0.06% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

03 Mar 2022, 18:24

Published

Vulnerability first disclosed

03 Aug 2024, 17:01

Last Modified

Vulnerability information updated

Description

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

CVSS Metrics

v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.06%• Percentile: 19%

Techniques & Countermeasures

CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

linux•linux_kernel
≥ 2.6.25, < 4.4.276 | ≥ 4.5, < 4.9.276 | ≥ 4.10, < 4.14.240 | ≥ 4.15, < 4.19.198 | ≥ 4.20, < 5.4.132 | ≥ 5.5.0, < 5.10.50 | ≥ 5.11, < 5.12.17 | ≥ 5.13, < 5.13.2
netapp•h300e
na
netapp•h300s_firmware
na
netapp•h410c_firmware
na
netapp•h410s_firmware
na
netapp•h500e
na
netapp•h500s_firmware
na
netapp•h610c_firmware
na
netapp•h610s_firmware
na
netapp•h615c_firmware
na
netapp•h700e
na
netapp•h700s_firmware
na
redhat•3scale_api_management
2.0
redhat•build_of_quarkus
1.0
redhat•codeready_linux_builder_eus
8.1 | 8.2 | 8.4
redhat•codeready_linux_builder_for_power_little_endian_eus
8.1 | 8.2 | 8.4
redhat•enterprise_linux_aus
8.2
redhat•enterprise_linux_eus
8.1 | 8.2 | 8.4
redhat•enterprise_linux_for_ibm_z_systems_eus
8.4
redhat•enterprise_linux_for_ibm_z_systems_eus_s390x
8.1
redhat•enterprise_linux_for_power_little_endian_eus
8.1 | 8.2 | 8.4
redhat•enterprise_linux_for_real_time
8.0
redhat•enterprise_linux_for_real_time_for_nfv
8.0
redhat•enterprise_linux_for_real_time_for_nfv_tus
8.0 | 8.2
redhat•enterprise_linux_for_real_time_tus
8.0 | 8.2
redhat•enterprise_linux_server_aus
8.2 | 8.4
redhat•enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.1 | 8.2 | 8.4
redhat•enterprise_linux_server_tus
8.2 | 8.4
redhat•enterprise_linux_server_update_services_for_sap_solutions
8.1 | 8.2 | 8.4
redhat•openshift_container_platform
4.6 | 4.7 | 4.8
redhat•virtualization
4.0
redhat•virtualization_host
4.0