Norbert Slusarek

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.0-rc1 through 5.4.193+ **Description** A race condition was found in the Linux kernel's perf event open() function, which can be exploited by an unprivileged user to gain root privileges. The bug allows for the creation of several exploit primitives, such as kernel address information leak and arbitrary execution. This issue is caused by a use-after-free condition in the perf subsystem, which can be used to initiate access to already freed kernel memory. **Recommendations** For Linux kernel versions 4.0-rc1 through 5.4.193+, consider upgrading to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 2.6.25 through 5.13-rc6 **Description** A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This issue is caused by a race condition in the implementation of the CAN BCM protocol. The problem allows for local privilege escalation to root. **Recommendations** For Linux kernel versions 2.6.25 through 5.13-rc6, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `net/can/bcm.c` module to minimize the risk of exploitation. Avoid using the CAN BCM protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.12.10 **Description** The issue allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. This is due to a lack of initialization of a certain data structure in the net/can/bcm.c component of the Linux kernel. **Recommendations** For Linux kernel versions through 5.12.10, update to a version later than 5.12.10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.11 through 5.12.2 **Description** The issue is related to the `isotp setsockopt` function in the `net/can/isotp.c` component of the Linux kernel, which involves the use of memory after it has been freed. This can allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. The vulnerability can also be exploited for privilege escalation to root by leveraging the use-after-free, affecting the Linux kernel versions 5.11 through 5.12.2. Earlier versions that lack CAN ISOTP SF BROADCAST support are not affected. **Recommendations** For Linux kernel versions 5.11 through 5.12.2, update to a version that includes the fix for the `isotp setsockopt` use-after-free issue. As a temporary workaround, consider restricting access to the `isotp setsockopt` function in the `net/can/isotp.c` component until a patch is available.