[ASA-202107-48] linux: privilege escalation

Arch Linux Security Advisory ASA-202107-48
==========================================

Severity: High
Date    : 2021-07-21
CVE-ID  : CVE-2021-3609 CVE-2021-3612 CVE-2021-3655 CVE-2021-33909
Package : linux
Type    : privilege escalation
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2181

Summary
=======

The package linux before version 5.13.4.arch1-1 is vulnerable to multiple
issues including privilege escalation and information disclosure.

Resolution
==========

Upgrade to 5.13.4.arch1-1.

# pacman -Syu "linux>=5.13.4.arch1-1"

The problems have been fixed upstream in version 5.13.4.arch1.

Workaround
==========

None.

Description
===========

- CVE-2021-3609 (privilege escalation)

A race condition in net/can/bcm.c in the Linux kernel before version
5.13.2 allows for local privilege escalation to root. The CAN BCM
networking protocol allows registering a CAN message receiver for a
specified socket. The function bcm_rx_handler() is run for incoming CAN
messages. While this function is running, the socket can be closed, which
calls bcm_release(). Inside bcm_release(), struct bcm_op and struct
bcm_sock are freed while bcm_rx_handler() is still running, finally
leading to multiple use-after-frees.

- CVE-2021-3612 (privilege escalation)

An out-of-bounds memory write security issue was found in the Linux
kernel's joystick devices subsystem before version 5.13.2, in the way the
user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the
system or possibly escalate their privileges on the system.

- CVE-2021-3655 (information disclosure)

A vulnerability was found in the Linux kernel. Missing size validations on
inbound SCTP packets may allow the kernel to read uninitialized memory.

- CVE-2021-33909 (privilege escalation)

A privilege escalation security issue has been found in the filesystem
layer of the Linux kernel before version 5.13.4. An unprivileged local
attacker can obtain full root privileges by creating, mounting, and
deleting a deep directory structure whose total path length exceeds 1GB,
which leads to an uncontrolled out-of-bounds write.

Impact
======

An unprivileged local attacker could obtain full root privileges or crash
the system.

References
==========
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.2&id=014f8baa9d240c4cf7180d37abd625fd4a4527c8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.17&id=d8a5cf5cfc07a296c78bd515671e374b8d8db022
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.50&id=b52e0cf0bfc1ede495de36aec86f6013efa18f60
https://bugzilla.redhat.com/show_bug.cgi?id=1974079
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.2&id=81acf1015233b3ee1d9834ba4fcca087a75c0c1b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.17&id=b88243d8f1c7eb2a834fd7cd1ea9691554240d3a
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.50&id=b4c35e9e8061b2386da1aa0d708e991204e76c45
https://bugzilla.redhat.com/show_bug.cgi?id=1984024
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=0c5dc070ff3d6246d22ddd931f23a6266249e3db
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=50619dbf8db77e98d821d615af4f634d08e22698
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=b6ffe7671b24689c09faa5675dd58f93758a97ae
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ef6c8d6ccf0c1dccdda092ebe8782777cd7803c9
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.3&id=4ecabee69d190f2bd9bdc5140109a27231428413
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.3&id=92b74375a1bbf5f7f64f4ea98064a5ba62956bcc
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.18&id=d91adac26d5ebac78c731b3aa23ff2c210ce2a0d
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.18&id=603f0eedf3b17df9e424c01bae25b94ae1091279
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.51&id=d4dbef7046e24669278eba4455e9e8053ead6ba0
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.51&id=6ef81a5c0e22233e13c748e813c54d3bf0145782
https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-crasher.c
https://www.qualys.com/2021/07/20/cve-2021-33909/cve-2021-33909-exploit.tar.gz
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.4&id=71de462034c69525a5049fbdf3903c5833cbce04
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.19&id=514b6531b1cbb64199db63bfdb80953d71998cca
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.52&id=174c34d9cda1b5818419b8f5a332ced10755e52f
https://security.archlinux.org/CVE-2021-3609
https://security.archlinux.org/CVE-2021-3612
https://security.archlinux.org/CVE-2021-3655
https://security.archlinux.org/CVE-2021-33909
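
Verifying the Resolution step on a host, as an added example that is not part of the original advisory: the script compares both the installed linux package and the running kernel with the fixed version 5.13.4.arch1-1, because an upgraded package only takes effect after a reboot. The function names are hypothetical, and it assumes the stock linux package, whose uname -r string has the form 5.13.4-arch1-1.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.

FIXED="5.13.4.arch1-1"   # fixed package version named in ASA-202107-48

# Assumption: the stock Arch kernel reports "5.13.4-arch1-1" from uname -r,
# while the package version is "5.13.4.arch1-1". Convert the former.
normalize_release() {
    printf '%s\n' "$1" | sed 's/-arch/.arch/'
}

# Succeeds (exit 0) when version $1 sorts strictly before $FIXED.
is_older_than_fixed() {
    [ "$1" = "$FIXED" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        # vercmp ships with pacman and prints -1, 0 or 1.
        [ "$(vercmp "$1" "$FIXED")" -lt 0 ]
    else
        # Fallback where vercmp is absent: GNU sort -V version ordering.
        lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
        [ "$lowest" = "$1" ]
    fi
}

# Prints "vulnerable" or "fixed" for a package version or uname -r string.
classify() {
    if is_older_than_fixed "$(normalize_release "$1")"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# On an Arch host, report the installed package and the running kernel.
# A "fixed" package with a "vulnerable" running kernel means a reboot is due.
if command -v pacman >/dev/null 2>&1; then
    pkg=$(pacman -Q linux 2>/dev/null | awk '{print $2}')
    if [ -n "$pkg" ]; then
        echo "installed linux $pkg: $(classify "$pkg")"
    fi
    echo "running $(uname -r): $(classify "$(uname -r)")"
fi
```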