UBUNTU-CVE-2021-3609

Description

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

CVSS Metrics

• v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Systems

• ubuntu•linux

  all | < 4.4.0-229.263 | < 4.15.0-147.151 | < 5.4.0-77.86

• ubuntu•linux-aws

  < 4.4.0-1109.115 | < 4.4.0-1145.160 | < 4.15.0-1106.113 | < 5.4.0-1051.53

• ubuntu•linux-aws-5.0

  all

• ubuntu•linux-aws-5.11

  < 5.11.0-1014.15~20.04.1

• ubuntu•linux-aws-5.3

  all

• ubuntu•linux-aws-5.4

  < 5.4.0-1051.53~18.04.1

• ubuntu•linux-aws-5.8

  < 5.8.0-1038.40~20.04.1

• ubuntu•linux-aws-fips

  < 4.15.0-2048.50 | all | < 5.4.0-1069.73+fips2

• ubuntu•linux-aws-hwe

  < 4.15.0-1106.113~16.04.1

• ubuntu•linux-azure

  < 4.15.0-1118.131~14.04.1 | < 4.15.0-1118.131~16.04.1 | all | < 5.4.0-1051.53

• ubuntu•linux-azure-4.15

  < 4.15.0-1118.131

• ubuntu•linux-azure-5.11

  < 5.11.0-1012.13~20.04.1

• ubuntu•linux-azure-5.3

  all

• ubuntu•linux-azure-5.4

  < 5.4.0-1051.53~18.04.1

• ubuntu•linux-azure-5.8

  < 5.8.0-1036.38~20.04.1

• ubuntu•linux-azure-edge

  all

• ubuntu•linux-azure-fips

  < 4.15.0-2030.33 | all | < 5.4.0-1073.76+fips1

• ubuntu•linux-bluefield

  < 5.4.0-1016.19

• ubuntu•linux-dell300x

  < 4.15.0-1022.26

• ubuntu•linux-fips

  < 4.4.0-1079.86 | all | < 4.15.0-1063.71 | < 5.4.0-1028.32

• ubuntu•linux-gcp

  < 4.15.0-1103.116~16.04.1 | all | < 5.4.0-1046.49

• ubuntu•linux-gcp-4.15

  < 4.15.0-1103.116

• ubuntu•linux-gcp-5.11

  < 5.11.0-1014.16~20.04.1

• ubuntu•linux-gcp-5.3

  all

• ubuntu•linux-gcp-5.4

  < 5.4.0-1046.49~18.04.1

• ubuntu•linux-gcp-5.8

  < 5.8.0-1035.37~20.04.1

• ubuntu•linux-gcp-edge

  all

• ubuntu•linux-gcp-fips

  all | < 5.4.0-1067.71~20.04.1

• ubuntu•linux-gke

  < 5.4.0-1046.48

• ubuntu•linux-gke-4.15

  all

• ubuntu•linux-gke-5.3

  < 5.3.0-1044.47

• ubuntu•linux-gke-5.4

  < 5.4.0-1046.48~18.04.1

• ubuntu•linux-gkeop

  < 5.4.0-1018.19

• ubuntu•linux-gkeop-5.4

  < 5.4.0-1018.19~18.04.1

• ubuntu•linux-hwe

  < 4.15.0-147.151~16.04.1 | < 5.3.0-75.71

• ubuntu•linux-hwe-5.4

  < 5.4.0-77.86~18.04.1

• ubuntu•linux-hwe-5.8

  < 5.8.0-59.66~20.04.1

• ubuntu•linux-hwe-edge

  all | all

• ubuntu•linux-intel-iot-realtime

  all

• ubuntu•linux-kvm

  < 4.4.0-1110.120 | < 4.15.0-1094.96 | < 5.4.0-1044.46

• ubuntu•linux-lts-xenial

  < 4.4.0-229.263~14.04.1

• ubuntu•linux-nvidia

  all

• ubuntu•linux-oem

  all

• ubuntu•linux-oem-5.10

  < 5.10.0-1033.34

• ubuntu•linux-oem-5.13

  < 5.13.0-1012.16

• ubuntu•linux-oem-5.6

  all

• ubuntu•linux-oracle

  < 4.15.0-1075.83~16.04.1 | < 4.15.0-1075.83 | < 5.4.0-1048.52

• ubuntu•linux-oracle-5.0

  all

• ubuntu•linux-oracle-5.11

  < 5.11.0-1013.14~20.04.1

• ubuntu•linux-oracle-5.3

  all

Showing first 50 affected entries in server-rendered view.

References (16)

• https://ubuntu.com/security/CVE-2021-3609
• https://www.openwall.com/lists/oss-security/2021/06/19/1
• https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/#u
• https://lore.kernel.org/netdev/20210618071532.kr7o2rnx6ia4t6n6@pengutronix.de/T/#t
• https://ubuntu.com/security/notices/USN-4997-1
• https://ubuntu.com/security/notices/USN-4999-1
• https://ubuntu.com/security/notices/USN-5000-1
• https://ubuntu.com/security/notices/USN-5001-1
• https://ubuntu.com/security/notices/USN-5002-1
• https://ubuntu.com/security/notices/USN-5003-1
• https://ubuntu.com/security/notices/USN-5000-2
• https://ubuntu.com/security/notices/USN-4997-2
• https://ubuntu.com/security/notices/USN-5082-1
• https://ubuntu.com/security/notices/USN-5505-1
• https://ubuntu.com/security/notices/USN-5513-1
• https://www.cve.org/CVERecord?id=CVE-2021-3609