CVE-2021-3609

Severity: Medium
Remote: No
Type: Privilege escalation
Description
A race condition in net/can/bcm.c in the Linux kernel before version 5.13.2 allows local privilege escalation to root. The CAN BCM networking protocol allows a CAN message receiver to be registered for a specified socket. The function bcm_rx_handler() runs for incoming CAN messages. While this function is running, the socket can be closed, which calls bcm_release(). Inside bcm_release(), struct bcm_op and struct bcm_sock are freed while bcm_rx_handler() is still running, leading to multiple use-after-frees.

| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2184 | linux-lts | 5.10.51-1 | 5.10.52-1 | High | Fixed | |
| AVG-2183 | linux-hardened | 5.12.18.hardened1-1 | 5.12.19.hardened1-1 | High | Fixed | |
| AVG-2182 | linux-zen | 5.13.1.zen1-1 | 5.13.4.zen1-1 | High | Fixed | |
| AVG-2181 | linux | 5.13.1.arch1-1 | 5.13.4.arch1-1 | High | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 21 Jul 2021 | ASA-202107-51 | AVG-2184 | linux-lts | High | privilege escalation |
| 21 Jul 2021 | ASA-202107-50 | AVG-2183 | linux-hardened | High | privilege escalation |
| 21 Jul 2021 | ASA-202107-49 | AVG-2182 | linux-zen | High | privilege escalation |
| 21 Jul 2021 | ASA-202107-48 | AVG-2181 | linux | High | privilege escalation |

References
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.2&id=014f8baa9d240c4cf7180d37abd625fd4a4527c8
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.17&id=d8a5cf5cfc07a296c78bd515671e374b8d8db022
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.50&id=b52e0cf0bfc1ede495de36aec86f6013efa18f60