CVE-2021-3609

moderate-risk

Published 2022-03-03

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Do I need to act?

0.06% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (20)

Linux Kernel

3Scale Api Management

Build Of Quarkus

Codeready Linux Builder Eus

Codeready Linux Builder For Power Little Endian Eus

Openshift Container Platform

Virtualization

Virtualization Host

Enterprise Linux Aus

Enterprise Linux Eus

Enterprise Linux For Ibm Z Systems Eus

Enterprise Linux For Ibm Z Systems Eus S390X

Affected Vendors

Redhat Linux Netapp

References (10)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1971651

Exploit https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3...

Patch https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e46...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220419-0004/

Mailing List https://www.openwall.com/lists/oss-security/2021/06/19/1

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=1971651

Exploit https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3...

Patch https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e46...

Third Party Advisory https://security.netapp.com/advisory/ntap-20220419-0004/

Mailing List https://www.openwall.com/lists/oss-security/2021/06/19/1

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 26/34 · High