A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1971651 | Issue Tracking Third Party Advisory |
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md | Exploit Technical Description Third Party Advisory |
https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 | Patch Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220419-0004/ | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/06/19/1 | Mailing List Third Party Advisory |
History
11 Aug 2023, 19:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* |
16 May 2023, 22:39
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* |
cpe:2.3:o:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* |
12 Feb 2023, 23:41
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | |
References |
|
02 Feb 2023, 21:21
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. | |
References |
|
06 Oct 2022, 16:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:* |
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* |
First Time |
Netapp h500s
Netapp h500e Firmware Netapp h410s Firmware Netapp h700s Netapp h700e Netapp h410c Firmware Netapp h610c Firmware Netapp h615c Netapp h500s Firmware Netapp h500e Netapp h700e Firmware Netapp h610c Netapp h610s Firmware Netapp h300e Netapp h615c Firmware Netapp h610s Netapp h300e Firmware Netapp h300s Netapp h410c Netapp Netapp h300s Firmware Netapp h700s Firmware Netapp h410s |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220419-0004/ - Third Party Advisory |
19 Apr 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Mar 2022, 15:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux For Real Time Tus
Redhat enterprise Linux Aus Redhat codeready Linux Builder Eus Redhat enterprise Linux For Real Time For Nfv Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Redhat enterprise Linux Server Update Services For Sap Solutions Redhat virtualization Host Redhat virtualization Redhat build Of Quarkus Linux linux Kernel Redhat 3scale Api Management Linux Redhat enterprise Linux For Ibm Z Systems Eus S390x Redhat enterprise Linux For Real Time Redhat codeready Linux Builder For Power Little Endian Eus Redhat enterprise Linux For Real Time For Nfv Tus Redhat enterprise Linux For Ibm Z Systems Eus Redhat openshift Container Platform Redhat |
|
CPE | cpe:2.3:a:linux:linux_kernel:5.13:rc1:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc2:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc6:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.2:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc4:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv_tus:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* 
cpe:2.3:o:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time_tus:8.0:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc5:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_real_time:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_quarkus:1.0:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:* cpe:2.3:a:linux:linux_kernel:5.13:rc3:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:* |
|
References | (MISC) https://www.openwall.com/lists/oss-security/2021/06/19/1 - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md - Exploit, Technical Description, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1971651 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463 - Patch, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : 6.9 v3 : 7.0 |
CWE | CWE-362 |
03 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-03 19:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-3609
Mitre link : CVE-2021-3609
CVE.ORG link : CVE-2021-3609
Products Affected
netapp
- h700s_firmware
- h610c_firmware
- h410s
- h615c_firmware
- h500e_firmware
- h500e
- h615c
- h700e_firmware
- h300s
- h700s
- h610s_firmware
- h610c
- h300e
- h700e
- h410s_firmware
- h500s
- h300s_firmware
- h410c
- h500s_firmware
- h300e_firmware
- h610s
- h410c_firmware
redhat
- virtualization_host
- 3scale_api_management
- codeready_linux_builder_eus
- virtualization
- enterprise_linux_server_aus
- build_of_quarkus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_for_ibm_z_systems_eus_s390x
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_for_real_time_for_nfv_tus
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- codeready_linux_builder_for_power_little_endian_eus
- enterprise_linux_eus
- enterprise_linux_for_real_time
- enterprise_linux_aus
- enterprise_linux_for_real_time_for_nfv
- enterprise_linux_server_tus
- openshift_container_platform
- enterprise_linux_for_real_time_tus
linux
- linux_kernel
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')