CVE-2021-32606 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Privilege escalation
Description	In the Linux kernel since 5.11 before 5.12.9, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

Group	Package	Affected	Fixed	Severity	Status
AVG-2033	linux-hardened	5.12.7.hardened1-1	5.12.9.hardened1-1	Medium	Fixed
AVG-2032	linux-zen	5.12.8.zen1-1	5.12.9.zen1-1	Medium	Fixed
AVG-2031	linux	5.12.8.arch1-1	5.12.9.arch1-1	Medium	Fixed

References
https://www.openwall.com/lists/oss-security/2021/05/11/16 https://www.openwall.com/lists/oss-security/2021/05/28/1 https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-32606/cve-2021-32606.md https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=b190618d8337b9466d985854e417dc0e8b012e3c

References

https://www.openwall.com/lists/oss-security/2021/05/11/16
https://www.openwall.com/lists/oss-security/2021/05/28/1
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-32606/cve-2021-32606.md
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=b190618d8337b9466d985854e417dc0e8b012e3c