Lucene search

K
nvd[email protected]NVD:CVE-2021-3609
HistoryMar 03, 2022 - 7:15 p.m.

CVE-2021-3609

2022-03-0319:15:08
CWE-362
web.nvd.nist.gov
3

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Affected configurations

NVD
Node
linuxlinux_kernelRange2.6.254.4.276
OR
linuxlinux_kernelRange4.54.9.276
OR
linuxlinux_kernelRange4.104.14.240
OR
linuxlinux_kernelRange4.154.19.198
OR
linuxlinux_kernelRange4.205.4.132
OR
linuxlinux_kernelRange5.5.05.10.50
OR
linuxlinux_kernelRange5.115.12.17
OR
linuxlinux_kernelRange5.135.13.2
Node
redhat3scale_api_managementMatch2.0
OR
redhatbuild_of_quarkusMatch1.0
OR
redhatcodeready_linux_builder_eusMatch8.1
OR
redhatcodeready_linux_builder_eusMatch8.2
OR
redhatcodeready_linux_builder_eusMatch8.4
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.1
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.2
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch8.4
OR
redhatopenshift_container_platformMatch4.6
OR
redhatopenshift_container_platformMatch4.7
OR
redhatopenshift_container_platformMatch4.8
OR
redhatvirtualizationMatch4.0
OR
redhatvirtualization_hostMatch4.0
OR
redhatenterprise_linux_ausMatch8.2
OR
redhatenterprise_linux_eusMatch8.1
OR
redhatenterprise_linux_eusMatch8.2
OR
redhatenterprise_linux_eusMatch8.4
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch8.4
OR
redhatenterprise_linux_for_ibm_z_systems_eus_s390xMatch8.1
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.1
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.2
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.4
OR
redhatenterprise_linux_for_real_timeMatch8.0
OR
redhatenterprise_linux_for_real_time_for_nfvMatch8.0
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.0
OR
redhatenterprise_linux_for_real_time_for_nfv_tusMatch8.2
OR
redhatenterprise_linux_for_real_time_tusMatch8.0
OR
redhatenterprise_linux_for_real_time_tusMatch8.2
OR
redhatenterprise_linux_server_ausMatch8.2
OR
redhatenterprise_linux_server_ausMatch8.4
OR
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1
OR
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2
OR
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.4
OR
redhatenterprise_linux_server_tusMatch8.2
OR
redhatenterprise_linux_server_tusMatch8.4
OR
redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.1
OR
redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.2
OR
redhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.4
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500s_firmwareMatch-
AND
netapph500sMatch-
Node
netapph700s_firmwareMatch-
AND
netapph700sMatch-
Node
netapph300e_firmwareMatch-
AND
netapph300eMatch-
Node
netapph500e_firmwareMatch-
AND
netapph500eMatch-
Node
netapph700e_firmwareMatch-
AND
netapph700eMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
netapph410c_firmwareMatch-
AND
netapph410cMatch-
Node
netapph610c_firmwareMatch-
AND
netapph610cMatch-
Node
netapph610s_firmwareMatch-
AND
netapph610sMatch-
Node
netapph615c_firmwareMatch-
AND
netapph615cMatch-

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

5.1%