CVE-2021-32606 : In the Linux kernel 5.11 through 5.12.2, isotp

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

Published 2021-05-11 23:15:09

Updated 2024-03-25 01:15:51

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionGain privilege

Products affected by CVE-2021-32606

Linux » Linux Kernel
Versions from including (>=) 5.11 and before (<) 5.12.9
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 33
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 34
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-32606

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-32606

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-32606

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-32606

http://www.openwall.com/lists/oss-security/2021/05/28/1

oss-security - Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
Mailing List;Patch;Third Party Advisory
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d

can: isotp: prevent race between isotp_bind() and isotp_setsockopt() - kernel/git/torvalds/linux.git - Linux kernel source tree
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD3NJBG25AADVGPRC63RX2JOQBMPSWK4/

[SECURITY] Fedora 33 Update: kernel-5.11.21-200.fc33 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/

[SECURITY] Fedora 34 Update: kernel-5.11.21-300.fc34 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73D53S4IZFPFQMRABMXXLW4AJK3EULDX/

[SECURITY] Fedora 32 Update: kernel-5.11.21-100.fc32 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HD3NJBG25AADVGPRC63RX2JOQBMPSWK4/

[SECURITY] Fedora 33 Update: kernel-5.11.21-200.fc33 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210625-0001/

CVE-2021-32606 Linux Kernel Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/05/11/16

oss-security - Linux kernel: net/can/isotp: race condition leads to local privilege escalation
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/12/1

oss-security - Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/13/2

oss-security - Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
Mailing List;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/

[SECURITY] Fedora 34 Update: kernel-5.11.21-300.fc34 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/73D53S4IZFPFQMRABMXXLW4AJK3EULDX/

[SECURITY] Fedora 32 Update: kernel-5.11.21-100.fc32 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/05/14/1

oss-security - Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2021-32606

Products affected by CVE-2021-32606

Exploit prediction scoring system (EPSS) score for CVE-2021-32606

CVSS scores for CVE-2021-32606

CWE ids for CVE-2021-32606

References for CVE-2021-32606