7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%
.A flaw was found in the CAN BCM networking protocol in the Linux kernel,
where a local attacker can abuse a flaw in the CAN subsystem to corrupt
memory, crash the system or escalate privileges. This race condition in
net/can/bcm.c in the Linux kernel allows for local privilege escalation to
root.
Author | Note |
---|---|
cascardo | On 4.4 kernels, a CAN device needs to be present. Otherwise, a virtual device cannot be created without manually loading vcan module. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-147.151 | UNKNOWN |
ubuntu | 20.04 | noarch | linux | < 5.4.0-77.86 | UNKNOWN |
ubuntu | 20.10 | noarch | linux | < 5.8.0-59.66 | UNKNOWN |
ubuntu | 21.04 | noarch | linux | < 5.11.0-22.23 | UNKNOWN |
ubuntu | 16.04 | noarch | linux | < 4.4.0-229.263) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1106.113 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < 5.4.0-1051.53 | UNKNOWN |
ubuntu | 20.10 | noarch | linux-aws | < 5.8.0-1038.40 | UNKNOWN |
ubuntu | 21.04 | noarch | linux-aws | < 5.11.0-1011.11 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-aws | < 4.4.0-1109.115) Available with Ubuntu Pro or Ubuntu Pro (Infra-only | UNKNOWN |
launchpad.net/bugs/cve/CVE-2021-3609
lore.kernel.org/netdev/[email protected]/T/#t
lore.kernel.org/netdev/[email protected]/T/#u
nvd.nist.gov/vuln/detail/CVE-2021-3609
security-tracker.debian.org/tracker/CVE-2021-3609
ubuntu.com/security/notices/USN-4997-1
ubuntu.com/security/notices/USN-4997-2
ubuntu.com/security/notices/USN-4999-1
ubuntu.com/security/notices/USN-5000-1
ubuntu.com/security/notices/USN-5000-2
ubuntu.com/security/notices/USN-5001-1
ubuntu.com/security/notices/USN-5002-1
ubuntu.com/security/notices/USN-5003-1
ubuntu.com/security/notices/USN-5082-1
ubuntu.com/security/notices/USN-5505-1
ubuntu.com/security/notices/USN-5513-1
www.cve.org/CVERecord?id=CVE-2021-3609
www.openwall.com/lists/oss-security/2021/06/19/1
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.3%