CVE-2021-3609: Race Condition
First published: Mon Jun 14 2021(Updated: )
.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kernel-rt | <0:4.18.0-305.12.1.rt7.84.el8_4 | 0:4.18.0-305.12.1.rt7.84.el8_4 |
| redhat/kernel | <0:4.18.0-305.12.1.el8_4 | 0:4.18.0-305.12.1.el8_4 |
| redhat/kernel | <0:4.18.0-147.54.2.el8_1 | 0:4.18.0-147.54.2.el8_1 |
| redhat/kernel-rt | <0:4.18.0-193.64.1.rt13.115.el8_2 | 0:4.18.0-193.64.1.rt13.115.el8_2 |
| redhat/kernel | <0:4.18.0-193.64.1.el8_2 | 0:4.18.0-193.64.1.el8_2 |
| redhat/redhat-virtualization-host | <0:4.4.7-20210804.0.el8_4 | 0:4.4.7-20210804.0.el8_4 |
| IBM Cloud Pak for Security | <=1.7.2.0 | |
| IBM Cloud Pak for Security | <=1.7.1.0 | |
| IBM Cloud Pak for Security | <=1.7.0.0 | |
| debian/linux | 5.10.223-1 5.10.226-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.16-1 | |
| Linux Kernel | >=2.6.25<4.4.276 | |
| Linux Kernel | >=4.5<4.9.276 | |
| Linux Kernel | >=4.10<4.14.240 | |
| Linux Kernel | >=4.15<4.19.198 | |
| Linux Kernel | >=4.20<5.4.132 | |
| Linux Kernel | >=5.5.0<5.10.50 | |
| Linux Kernel | >=5.11<5.12.17 | |
| Linux Kernel | >=5.13<5.13.2 | |
| Red Hat OpenShift API Management | =2.0 | |
| Red Hat Quarkus | =1.0 | |
| Red Hat CodeReady Linux Builder | =8.1 | |
| Red Hat CodeReady Linux Builder | =8.2 | |
| Red Hat CodeReady Linux Builder | =8.4 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.1 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.2 | |
| Red Hat CodeReady Linux Builder for Power, little endian | =8.4 | |
| Red Hat OpenShift Container Platform | =4.6 | |
| Red Hat OpenShift Container Platform | =4.7 | |
| Red Hat OpenShift Container Platform | =4.8 | |
| Red Hat Enterprise Virtualization | =4.0 | |
| Red Hat Virtualization Host EUS | =4.0 | |
| Red Hat Enterprise Linux | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.1 | |
| Red Hat Enterprise Linux Server EUS | =8.2 | |
| Red Hat Enterprise Linux Server EUS | =8.4 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.4 | |
| Red Hat Enterprise Linux for IBM Z Systems (s390x) | =8.1 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.1 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux for Real Time | =8.0 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8.0 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8.0 | |
| Red Hat Enterprise Linux for Real Time for NFV | =8.2 | |
| Red Hat Enterprise Linux for Real Time | =8.0 | |
| Red Hat Enterprise Linux for Real Time | =8.2 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.1 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.2 | |
| Red Hat Enterprise Linux for SAP Applications for Power, little endian - Extended Update Support | =8.4 | |
| Red Hat Enterprise Linux Server | =8.2 | |
| Red Hat Enterprise Linux Server | =8.4 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.1 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.2 | |
| Red Hat Enterprise Linux Server Update Services for SAP Solutions | =8.4 | |
| All of | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| All of | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700S | ||
| NetApp H700S | ||
| All of | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| All of | ||
| NetApp H500E | ||
| NetApp H500e Firmware | ||
| All of | ||
| NetApp H700E | ||
| NetApp H700E | ||
| All of | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| All of | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| All of | ||
| NetApp H610C | ||
| NetApp H610C Firmware | ||
| All of | ||
| NetApp H610S Firmware | ||
| NetApp H610S Firmware | ||
| All of | ||
| NetApp H615C | ||
| NetApp H615C | ||
| NetApp H300S Firmware | ||
| NetApp H300S Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H500e Firmware | ||
| NetApp H700S | ||
| NetApp H700S | ||
| NetApp H300E | ||
| NetApp H300E Firmware | ||
| NetApp H500E | ||
| NetApp H500e Firmware | ||
| NetApp H700E | ||
| NetApp H700E | ||
| NetApp H410S | ||
| NetApp H410S Firmware | ||
| NetApp H410C | ||
| NetApp H410C Firmware | ||
| NetApp H610C | ||
| NetApp H610C Firmware | ||
| NetApp H610S Firmware | ||
| NetApp H610S Firmware | ||
| NetApp H615C | ||
| NetApp H615C |
Remedy
As the CAN module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install can-bcm /bin/true" >> /etc/modprobe.d/disable-can-bcm.conf The system will need to be restarted if the CAN modules are loaded. In most circumstances, the CAN kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-3609 https://nvd.nist.gov/vuln/detail/CVE-2021-3609 https://www.openwall.com/lists/oss-security/2021/06/19/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1971651
- https://access.redhat.com/errata/RHSA-2021:3088
- https://access.redhat.com/errata/RHSA-2021:3044
- https://access.redhat.com/errata/RHSA-2021:3057
- https://access.redhat.com/errata/RHSA-2021:3442
- https://access.redhat.com/errata/RHSA-2021:3444
- https://access.redhat.com/errata/RHSA-2021:3375
- https://access.redhat.com/errata/RHSA-2021:3363
- https://access.redhat.com/errata/RHSA-2021:3380
- https://access.redhat.com/errata/RHSA-2021:3235
- https://access.redhat.com/security/cve/cve-2021-3609
- https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
- https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463
- https://www.openwall.com/lists/oss-security/2021/06/19/1
- https://security.netapp.com/advisory/ntap-20220419-0004/
- https://launchpad.net/bugs/cve/CVE-2021-3609
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1974405
- https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/204088
- https://www.ibm.com/support/pages/node/6493729 (Advisory)
- https://security-tracker.debian.org/tracker/CVE-2021-3609
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609
- https://nvd.nist.gov/vuln/detail/CVE-2021-3609
- https://ubuntu.com/security/CVE-2021-3609
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2021-3609?
CVE-2021-3609 has been classified with a high severity level due to its potential for local privilege escalation.
How do I fix CVE-2021-3609?
To mitigate CVE-2021-3609, update to the latest kernel version as specified in the remediation instructions from your vendor.
What types of systems are affected by CVE-2021-3609?
CVE-2021-3609 affects various Linux kernel versions, particularly those in Red Hat and Debian distributions.
Can CVE-2021-3609 be exploited remotely?
No, CVE-2021-3609 requires local access for exploitation, making it a local privilege escalation vulnerability.
What happens if CVE-2021-3609 is successfully exploited?
If exploited, CVE-2021-3609 could lead to memory corruption, a system crash, or privilege escalation to root.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3609
- agent/severity
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- collector/usn-cve
- source/Ubuntu
- agent/description
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- collector/nvd-api
- collector/nvd-index
- package-manager/redhat
- vendor/ibm
- canonical/ibm cloud pak for security
- version/ibm cloud pak for security/1.7.2.0
- version/ibm cloud pak for security/1.7.1.0
- version/ibm cloud pak for security/1.7.0.0
- package-manager/debian
- vendor/linux
- canonical/linux kernel
- version/linux kernel/2.6.25
- version/linux kernel/4.5
- version/linux kernel/4.10
- version/linux kernel/4.15
- version/linux kernel/4.20
- version/linux kernel/5.5.0
- version/linux kernel/5.11
- version/linux kernel/5.13
- vendor/redhat
- canonical/red hat openshift api management
- version/red hat openshift api management/2.0
- canonical/red hat quarkus
- version/red hat quarkus/1.0
- canonical/red hat codeready linux builder
- version/red hat codeready linux builder/8.1
- version/red hat codeready linux builder/8.2
- version/red hat codeready linux builder/8.4
- canonical/red hat codeready linux builder for power, little endian
- version/red hat codeready linux builder for power, little endian/8.1
- version/red hat codeready linux builder for power, little endian/8.2
- version/red hat codeready linux builder for power, little endian/8.4
- canonical/red hat openshift container platform
- version/red hat openshift container platform/4.6
- version/red hat openshift container platform/4.7
- version/red hat openshift container platform/4.8
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/4.0
- canonical/red hat virtualization host eus
- version/red hat virtualization host eus/4.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/8.2
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/8.1
- version/red hat enterprise linux server eus/8.2
- version/red hat enterprise linux server eus/8.4
- canonical/red hat enterprise linux for ibm z systems (s390x)
- version/red hat enterprise linux for ibm z systems (s390x)/8.4
- version/red hat enterprise linux for ibm z systems (s390x)/8.1
- canonical/red hat enterprise linux for power, little endian - extended update support
- version/red hat enterprise linux for power, little endian - extended update support/8.1
- version/red hat enterprise linux for power, little endian - extended update support/8.2
- version/red hat enterprise linux for power, little endian - extended update support/8.4
- canonical/red hat enterprise linux for real time
- version/red hat enterprise linux for real time/8.0
- canonical/red hat enterprise linux for real time for nfv
- version/red hat enterprise linux for real time for nfv/8.0
- version/red hat enterprise linux for real time for nfv/8.2
- version/red hat enterprise linux for real time/8.2
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/8.2
- version/red hat enterprise linux server/8.4
- canonical/red hat enterprise linux for sap applications for power, little endian - extended update support
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.1
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.2
- version/red hat enterprise linux for sap applications for power, little endian - extended update support/8.4
- canonical/red hat enterprise linux server update services for sap solutions
- version/red hat enterprise linux server update services for sap solutions/8.1
- version/red hat enterprise linux server update services for sap solutions/8.2
- version/red hat enterprise linux server update services for sap solutions/8.4
- vendor/netapp
- canonical/netapp h300s firmware
- canonical/netapp h500e firmware
- canonical/netapp h700s
- canonical/netapp h300e
- canonical/netapp h300e firmware
- canonical/netapp h500e
- canonical/netapp h700e
- canonical/netapp h410s
- canonical/netapp h410s firmware
- canonical/netapp h410c
- canonical/netapp h410c firmware
- canonical/netapp h610c
- canonical/netapp h610c firmware
- canonical/netapp h610s firmware
- canonical/netapp h615c