Lucene search

[email protected]NVD:CVE-2021-3609

HistoryMar 03, 2022 - 7:15 p.m.

CVE-2021-3609

2022-03-0319:15:08

CWE-362

[email protected]

web.nvd.nist.gov

linux

kernel

networking

protocol

privilege escalation

bcm

local attacker

memory corruption

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Affected configurations

Nvd

Node

linuxlinux_kernelRange2.6.25–4.4.276

linuxlinux_kernelRange4.5–4.9.276

linuxlinux_kernelRange4.10–4.14.240

linuxlinux_kernelRange4.15–4.19.198

linuxlinux_kernelRange4.20–5.4.132

linuxlinux_kernelRange5.5.0–5.10.50

linuxlinux_kernelRange5.11–5.12.17

linuxlinux_kernelRange5.13–5.13.2

Node

redhat3scale_api_managementMatch2.0

redhatbuild_of_quarkusMatch1.0

redhatcodeready_linux_builder_eusMatch8.1

redhatcodeready_linux_builder_eusMatch8.2

redhatcodeready_linux_builder_eusMatch8.4

redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.1

redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.2

redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.4

redhatopenshift_container_platformMatch4.6

redhatopenshift_container_platformMatch4.7

redhatopenshift_container_platformMatch4.8

redhatvirtualizationMatch4.0

redhatvirtualization_hostMatch4.0

redhatenterprise_linux_ausMatch8.2

redhatenterprise_linux_eusMatch8.1

redhatenterprise_linux_eusMatch8.2

redhatenterprise_linux_eusMatch8.4

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.4

redhatenterprise_linux_for_ibm_z_systems_eus_s390xMatch8.1

redhatenterprise_linux_for_power_little_endian_eusMatch8.1

redhatenterprise_linux_for_power_little_endian_eusMatch8.2

redhatenterprise_linux_for_power_little_endian_eusMatch8.4

redhatenterprise_linux_for_real_timeMatch8.0

redhatenterprise_linux_for_real_time_for_nfvMatch8.0

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.0

redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2

redhatenterprise_linux_for_real_time_tusMatch8.0

redhatenterprise_linux_for_real_time_tusMatch8.2

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.4

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.1

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.2

redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.4

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph300e_firmwareMatch-

AND

netapph300eMatch-

Node

netapph500e_firmwareMatch-

AND

netapph500eMatch-

Node

netapph700e_firmwareMatch-

AND

netapph700eMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

Node

netapph610c_firmwareMatch-

AND

netapph610cMatch-

Node

netapph610s_firmwareMatch-

AND

netapph610sMatch-

Node

netapph615c_firmwareMatch-

AND

netapph615cMatch-

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
redhat3scale_api_management2.0cpe:2.3:a:redhat:3scale_api_management:2.0:*:*:*:*:*:*:*
redhatbuild_of_quarkus1.0cpe:2.3:a:redhat:build_of_quarkus:1.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus8.1cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus8.2cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus8.4cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian_eus8.1cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian_eus8.2cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_power_little_endian_eus8.4cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
redhatopenshift_container_platform4.6cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
redhat	3scale_api_management	2.0	cpe:2.3:a:redhat:3scale_api_management:2.0:::::::*
redhat	build_of_quarkus	1.0	cpe:2.3:a:redhat:build_of_quarkus:1.0:::::::*
redhat	codeready_linux_builder_eus	8.1	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.1:::::::*
redhat	codeready_linux_builder_eus	8.2	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.2:::::::*
redhat	codeready_linux_builder_eus	8.4	cpe:2.3:a:redhat:codeready_linux_builder_eus:8.4:::::::*
redhat	codeready_linux_builder_for_power_little_endian_eus	8.1	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.1:::::::*
redhat	codeready_linux_builder_for_power_little_endian_eus	8.2	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.2:::::::*
redhat	codeready_linux_builder_for_power_little_endian_eus	8.4	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:8.4:::::::*
redhat	openshift_container_platform	4.6	cpe:2.3:a:redhat:openshift_container_platform:4.6:::::::*