CVE-2021-32606

Source
Severity Medium
Remote No
Type Privilege escalation
Description
In the Linux kernel since 5.11 before 5.12.9, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
Group     Package         Affected            Fixed               Severity  Status  Ticket
AVG-2033  linux-hardened  5.12.7.hardened1-1  5.12.9.hardened1-1  Medium    Fixed
AVG-2032  linux-zen       5.12.8.zen1-1       5.12.9.zen1-1       Medium    Fixed
AVG-2031  linux           5.12.8.arch1-1      5.12.9.arch1-1      Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/11/16
https://www.openwall.com/lists/oss-security/2021/05/28/1
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-32606/cve-2021-32606.md
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=b190618d8337b9466d985854e417dc0e8b012e3c