CVE-2021-3609

kernel: race condition in net/can/bcm.c leads to local privilege escalation

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

A flaw has been found in the CAN BCM network protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in the file net/can/bcm.c in the Linux kernel allows local privilege escalation to root.

A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges.

*Credits: N/A
CVSS Scores
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Attack Vector: Local
Attack Complexity: Medium
Authentication: None
Confidentiality: Complete
Integrity: Complete
Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation: -
Automatable: -
Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-06-18 CVE Reserved
  • 2021-06-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Netapp | H300s Firmware | -- | | Affected |
| in Netapp | H300s | -- | | Safe |
| Netapp | H500s Firmware | -- | | Affected |
| in Netapp | H500s | -- | | Safe |
| Netapp | H700s Firmware | -- | | Affected |
| in Netapp | H700s | -- | | Safe |
| Netapp | H300e Firmware | -- | | Affected |
| in Netapp | H300e | -- | | Safe |
| Netapp | H500e Firmware | -- | | Affected |
| in Netapp | H500e | -- | | Safe |
| Netapp | H700e Firmware | -- | | Affected |
| in Netapp | H700e | -- | | Safe |
| Netapp | H410s Firmware | -- | | Affected |
| in Netapp | H410s | -- | | Safe |
| Netapp | H410c Firmware | -- | | Affected |
| in Netapp | H410c | -- | | Safe |
| Netapp | H610c Firmware | -- | | Affected |
| in Netapp | H610c | -- | | Safe |
| Netapp | H610s Firmware | -- | | Affected |
| in Netapp | H610s | -- | | Safe |
| Netapp | H615c Firmware | -- | | Affected |
| in Netapp | H615c | -- | | Safe |
| Linux | Linux Kernel | >= 2.6.25 < 4.4.276 | - | Affected |
| Linux | Linux Kernel | >= 4.5 < 4.9.276 | - | Affected |
| Linux | Linux Kernel | >= 4.10 < 4.14.240 | - | Affected |
| Linux | Linux Kernel | >= 4.15 < 4.19.198 | - | Affected |
| Linux | Linux Kernel | >= 4.20 < 5.4.132 | - | Affected |
| Linux | Linux Kernel | >= 5.5.0 < 5.10.50 | - | Affected |
| Linux | Linux Kernel | >= 5.11 < 5.12.17 | - | Affected |
| Linux | Linux Kernel | >= 5.13 < 5.13.2 | - | Affected |
| Redhat | 3scale Api Management | 2.0 | - | Affected |
| Redhat | Build Of Quarkus | 1.0 | - | Affected |
| Redhat | Codeready Linux Builder Eus | 8.1 | - | Affected |
| Redhat | Codeready Linux Builder Eus | 8.2 | - | Affected |
| Redhat | Codeready Linux Builder Eus | 8.4 | - | Affected |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.1 | - | Affected |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.2 | - | Affected |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 8.4 | - | Affected |
| Redhat | Openshift Container Platform | 4.6 | - | Affected |
| Redhat | Openshift Container Platform | 4.7 | - | Affected |
| Redhat | Openshift Container Platform | 4.8 | - | Affected |
| Redhat | Virtualization | 4.0 | - | Affected |
| Redhat | Virtualization Host | 4.0 | - | Affected |
| Redhat | Enterprise Linux Aus | 8.2 | - | Affected |
| Redhat | Enterprise Linux Eus | 8.1 | - | Affected |
| Redhat | Enterprise Linux Eus | 8.2 | - | Affected |
| Redhat | Enterprise Linux Eus | 8.4 | - | Affected |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.4 | - | Affected |
| Redhat | Enterprise Linux For Ibm Z Systems Eus S390x | 8.1 | - | Affected |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.1 | - | Affected |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.2 | - | Affected |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.4 | - | Affected |
| Redhat | Enterprise Linux For Real Time | 8.0 | - | Affected |
| Redhat | Enterprise Linux For Real Time For Nfv | 8.0 | - | Affected |
| Redhat | Enterprise Linux For Real Time For Nfv Tus | 8.0 | - | Affected |
| Redhat | Enterprise Linux For Real Time For Nfv Tus | 8.2 | - | Affected |
| Redhat | Enterprise Linux For Real Time Tus | 8.0 | - | Affected |
| Redhat | Enterprise Linux For Real Time Tus | 8.2 | - | Affected |
| Redhat | Enterprise Linux Server Aus | 8.2 | - | Affected |
| Redhat | Enterprise Linux Server Aus | 8.4 | - | Affected |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.1 | - | Affected |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.2 | - | Affected |
| Redhat | Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | 8.4 | - | Affected |
| Redhat | Enterprise Linux Server Tus | 8.2 | - | Affected |
| Redhat | Enterprise Linux Server Tus | 8.4 | - | Affected |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.1 | - | Affected |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.2 | - | Affected |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 8.4 | - | Affected |