PT-2021-3382 · Linux+10 · Linux Kernel+10

Norbert Slusarek +1 · Published 2021-06-19 · Updated 2025-09-29 · CVE-2021-3609

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.25 through 5.13-rc6

Description

A flaw was found in the CAN BCM networking protocol in the Linux kernel. A race condition in the implementation of the CAN BCM protocol allows a local attacker to corrupt memory, crash the system or escalate privileges. The problem allows for local privilege escalation to root.

Recommendations

For Linux kernel versions 2.6.25 through 5.13-rc6, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to the net/can/bcm.c module to minimize the risk of exploitation. Avoid using the CAN BCM protocol until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

LPE

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2021:3057
ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2021-2284
ALT-PU-2021-2486
ALT-PU-2021-2616
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2022-1240
ALT-PU-2022-1419
ALT-PU-2022-1421
ALT-PU-2023-1814
BDU:2021-03233
CESA-2021_3044
CESA-2021_3057
CESA-2021_3088
CVE-2021-3609
DLA-2713-1
DLA-2713-2
DLA-2714-1
DSA-4941-1
ELSA-2021-3057
ELSA-2021-9442
ELSA-2021-9450
ELSA-2021-9451
ELSA-2021-9452
ELSA-2021-9453
LSN-0078-1
MGASA-2021-0366
MGASA-2021-0367
OESA-2021-1279
OPENSUSE-SU-2021:1076-1
OPENSUSE-SU-2021:2427-1
OPENSUSE-SU-2021:2645-1
OPENSUSE-SU-2021:2687-1
OPENSUSE-SU-2021_1076-1
OPENSUSE-SU-2021_2427-1
OPENSUSE-SU-2021_2645-1
OPENSUSE-SU-2021_2687-1
RHSA-2021:3044
RHSA-2021:3057
RHSA-2021:3088
RHSA-2021:3235
RHSA-2021:3363
RHSA-2021:3375
RHSA-2021:3380
RHSA-2021:3442
RHSA-2021:3444
RHSA-2021_3057
RHSA-2021_3088
RLSA-2021:3057
RLSA-2021:3088
RLSA-2021_3057
RLSA-2021_3088
SUSE-SU-2021:14849-1
SUSE-SU-2021:2406-1
SUSE-SU-2021:2407-1
SUSE-SU-2021:2408-1
SUSE-SU-2021:2416-1
SUSE-SU-2021:2421-1
SUSE-SU-2021:2422-1
SUSE-SU-2021:2427-1
SUSE-SU-2021:2438-1
SUSE-SU-2021:2451-1
SUSE-SU-2021:2599-1
SUSE-SU-2021:2599-2
SUSE-SU-2021:2643-1
SUSE-SU-2021:2645-1
SUSE-SU-2021:2687-1
SUSE-SU-2021:2746-1
SUSE-SU-2021:2842-1
SUSE-SU-2021_14849-1
SUSE-SU-2021_2645-1
SUSE-SU-2021_2687-1
SUSE-SU-2021_2746-1
SUSE-SU-2021_2842-1
USN-4997-1
USN-4997-2
USN-4999-1
USN-5000-1
USN-5000-2
USN-5001-1
USN-5002-1
USN-5003-1
USN-5082-1
USN-5505-1
USN-5513-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu