CVE-2021-3609 - log

CVE-2021-3609 edited at 14 Jul 2021 19:44:47
Description
- A race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. The CAN BCM networking protocol allows to register a CAN message receiver for a specified socket. The function bcm_rx_handler() is run for incoming CAN messages. Simultaneously to running this function, the socket can be closed and bcm_release() will be called. Inside bcm_release(), struct bcm_op and struct bcm_sock are freed while bcm_rx_handler() is still running, finally leading to multiple use-after-free's.
+ A race condition in net/can/bcm.c in the Linux kernel before version 5.13.2 allows for local privilege escalation to root. The CAN BCM networking protocol allows to register a CAN message receiver for a specified socket. The function bcm_rx_handler() is run for incoming CAN messages. Simultaneously to running this function, the socket can be closed and bcm_release() will be called. Inside bcm_release(), struct bcm_op and struct bcm_sock are freed while bcm_rx_handler() is still running, finally leading to multiple use-after-free's.
References
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=d5f9023fa61ee8b94f37a93f08e94b136cf1e463
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.13.2&id=014f8baa9d240c4cf7180d37abd625fd4a4527c8
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.17&id=d8a5cf5cfc07a296c78bd515671e374b8d8db022
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.50&id=b52e0cf0bfc1ede495de36aec86f6013efa18f60
CVE-2021-3609 edited at 24 Jun 2021 14:33:14
References
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
- https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=d5f9023fa61ee8b94f37a93f08e94b136cf1e463
CVE-2021-3609 edited at 24 Jun 2021 14:20:26
References
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
+ https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.10&id=3556fac71e41f342d61331f3367d48bbbc292308
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.43&id=3795007c8dfc8bca176529bfeceb17c6f4ef7e44
CVE-2021-3609 edited at 24 Jun 2021 13:26:35
References
https://www.openwall.com/lists/oss-security/2021/06/19/1
https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
- https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.10&id=3556fac71e41f342d61331f3367d48bbbc292308
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.43&id=3795007c8dfc8bca176529bfeceb17c6f4ef7e44
CVE-2021-3609 edited at 20 Jun 2021 09:37:48
References
https://www.openwall.com/lists/oss-security/2021/06/19/1
+ https://www.openwall.com/lists/oss-security/2021/06/19/2
https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
+ https://lore.kernel.org/netdev/20210619161813.2098382-1-cascardo@canonical.com/T/
CVE-2021-3609 edited at 19 Jun 2021 14:57:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. The CAN BCM networking protocol allows to register a CAN message receiver for a specified socket. The function bcm_rx_handler() is run for incoming CAN messages. Simultaneously to running this function, the socket can be closed and bcm_release() will be called. Inside bcm_release(), struct bcm_op and struct bcm_sock are freed while bcm_rx_handler() is still running, finally leading to multiple use-after-free's.
References
+ https://www.openwall.com/lists/oss-security/2021/06/19/1
+ https://github.com/nrb547/kernel-exploitation/blob/main/cve-2021-3609/cve-2021-3609.md
CVE-2021-3609 created at 19 Jun 2021 14:54:04
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes