Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2021-32606

Published: 11/05/2021 Updated: 25/03/2024
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

In the Linux kernel 5.11 up to and including 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Arch Linux Issues:
In the Linux kernel 511 through 5122, isotp_setsockopt in net/can/isotpc allows privilege escalation to root by leveraging a use-after-free (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support) ...

Mailing Lists

Full Disclosure: Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Linux kernel: net/can/isotp: race condition leads to local privilege escalation <!--X-Subject-Header-End--> <!--X-Head-of- ...

References

CWE-416https://www.openwall.com/lists/oss-security/2021/05/11/16http://www.openwall.com/lists/oss-security/2021/05/12/1http://www.openwall.com/lists/oss-security/2021/05/13/2http://www.openwall.com/lists/oss-security/2021/05/14/1http://www.openwall.com/lists/oss-security/2021/05/28/1https://security.netapp.com/advisory/ntap-20210625-0001/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HD3NJBG25AADVGPRC63RX2JOQBMPSWK4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GI7Z7UBWBGD3ABNIL2DC7RQDCGA4UVQW/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73D53S4IZFPFQMRABMXXLW4AJK3EULDX/https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1dhttps://nvd.nist.govhttps://security.archlinux.org/CVE-2021-32606http://seclists.org/oss-sec/2021/q2/136
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook