CVE-2021-3609: Race Condition

Published Jun 14, 2021
·
Updated

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root.

Other sources

A race condition occurs between bcmrelease() and bcmrxhandler(). When a message is received in bcmrxhandler(), the socket can be closed in bcmrelease() which will free the struct bcmsock and struct bcmop. This leads to various use-after-free's in bcmrxhandler() and depending on the provided flags, also in bcmrxtimeouthandler(). The use-after-free's in combination with a heap spray may lead to sensitive socket data being overwritten, resulting in local privilege escalation.

Red Hat

Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in net/can/bcm.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.

IBM

Affected Software

100 affected componentsFixes available
redhat/kernel-rt<0:4.18.0-305.12.1.rt7.84.el8_4
0:4.18.0-305.12.1.rt7.84.el8_4
redhat/kernel<0:4.18.0-305.12.1.el8_4
0:4.18.0-305.12.1.el8_4
redhat/kernel<0:4.18.0-147.54.2.el8_1
0:4.18.0-147.54.2.el8_1
redhat/kernel-rt<0:4.18.0-193.64.1.rt13.115.el8_2
0:4.18.0-193.64.1.rt13.115.el8_2
redhat/kernel<0:4.18.0-193.64.1.el8_2
0:4.18.0-193.64.1.el8_2
redhat/redhat-virtualization-host<0:4.4.7-20210804.0.el8_4
0:4.4.7-20210804.0.el8_4
IBM Cloud Pak for Security (CP4S)<=1.7.2.0
IBM Cloud Pak for Security (CP4S)<=1.7.1.0
IBM Cloud Pak for Security (CP4S)<=1.7.0.0
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
Linux Linux kernel>=2.6.25<4.4.276
Linux Linux kernel>=4.5<4.9.276
Linux Linux kernel>=4.10<4.14.240
Linux Linux kernel>=4.15<4.19.198
Linux Linux kernel>=4.20<5.4.132
Linux Linux kernel>=5.5.0<5.10.50
Linux Linux kernel>=5.11<5.12.17
Linux Linux kernel>=5.13<5.13.2
redhat 3scale API Management=2.0
redhat Build Of Quarkus=1.0
redhat Codeready Linux Builder Eus=8.1
redhat Codeready Linux Builder Eus=8.2
redhat Codeready Linux Builder Eus=8.4
redhat Codeready Linux Builder For Power Little Endian Eus=8.1
redhat Codeready Linux Builder For Power Little Endian Eus=8.2
redhat Codeready Linux Builder For Power Little Endian Eus=8.4
redhat OpenShift Container Platform=4.6
redhat OpenShift Container Platform=4.7
redhat OpenShift Container Platform=4.8
redhat Virtualization=4.0
redhat Virtualization Host=4.0
redhat Enterprise Linux Aus=8.2
redhat Enterprise Linux Eus=8.1
redhat Enterprise Linux Eus=8.2
redhat Enterprise Linux Eus=8.4
redhat Enterprise Linux For Ibm Z Systems Eus=8.4
redhat Enterprise Linux For Ibm Z Systems Eus S390x=8.1
redhat Enterprise Linux For Power Little Endian Eus=8.1
redhat Enterprise Linux For Power Little Endian Eus=8.2
redhat Enterprise Linux For Power Little Endian Eus=8.4
redhat Enterprise Linux For Real Time=8.0
redhat Enterprise Linux For Real Time For Nfv=8.0
redhat Enterprise Linux For Real Time For Nfv Tus=8.0
redhat Enterprise Linux For Real Time For Nfv Tus=8.2
redhat Enterprise Linux For Real Time Tus=8.0
redhat Enterprise Linux For Real Time Tus=8.2
redhat Enterprise Linux Server Aus=8.2
redhat Enterprise Linux Server Aus=8.4
redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions=8.1
redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions=8.2
redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions=8.4
redhat Enterprise Linux Server Tus=8.2
redhat Enterprise Linux Server Tus=8.4
redhat Enterprise Linux Server Update Services For Sap Solutions=8.1
redhat Enterprise Linux Server Update Services For Sap Solutions=8.2
redhat Enterprise Linux Server Update Services For Sap Solutions=8.4
NetApp H300s Firmware
NetApp H300s
NetApp H500s Firmware
NetApp H500s
NetApp H700s Firmware
NetApp H700s
NetApp H300e Firmware
NetApp H300e
NetApp H500e Firmware
NetApp H500e
NetApp H700e Firmware
NetApp H700e
NetApp H410s Firmware
NetApp H410s
NetApp H410c Firmware
NetApp H410c
NetApp H610c Firmware
NetApp H610c
NetApp H610s Firmware
NetApp H610s
NetApp H615c Firmware
NetApp H615c
All of the following
NetApp H300s Firmware
NetApp H300s
All of the following
NetApp H500s Firmware
NetApp H500s
All of the following
NetApp H700s Firmware
NetApp H700s
All of the following
NetApp H300e Firmware
NetApp H300e
All of the following
NetApp H500e Firmware
NetApp H500e
All of the following
NetApp H700e Firmware
NetApp H700e
All of the following
NetApp H410s Firmware
NetApp H410s
All of the following
NetApp H410c Firmware
NetApp H410c
All of the following
NetApp H610c Firmware
NetApp H610c
All of the following
NetApp H610s Firmware
NetApp H610s
All of the following
NetApp H615c Firmware
NetApp H615c

Remediation

Information

As the CAN module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: # echo "install can-bcm /bin/true" >> /etc/modprobe.d/disable-can-bcm.conf The system will need to be restarted if the CAN modules are loaded. In most circumstances, the CAN kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. If the system requires this module to work correctly, this mitigation may not be suitable. If you need further assistance, see KCS article https://access.redhat.com/solutions/41278 or contact Red Hat Global Support Services.

Patch Available

https://github.com/torvalds/linux/commit/d5f9023fa61ee8b94f37a93f08e94b136cf1e463

Event History

Jun 14, 2021
Data Sourced
via Red Hat·01:53 PM
DescriptionSeverityAffected Software
Jun 19, 2021
CVE Published
12:00 AM
Mar 3, 2022
CVE Published
via MITRE·06:24 PM
Data Sourced
via MITRE·06:24 PM
DescriptionWeakness
Jan 11, 2024
Data Sourced
via Launchpad·11:57 PM
Description
May 10, 2025
Data Sourced
via Ubuntu·04:33 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2021-3609?

CVE-2021-3609 has been classified with a high severity level due to its potential for local privilege escalation.

2

How do I fix CVE-2021-3609?

To mitigate CVE-2021-3609, update to the latest kernel version as specified in the remediation instructions from your vendor.

3

What types of systems are affected by CVE-2021-3609?

CVE-2021-3609 affects various Linux kernel versions, particularly those in Red Hat and Debian distributions.

4

Can CVE-2021-3609 be exploited remotely?

No, CVE-2021-3609 requires local access for exploitation, making it a local privilege escalation vulnerability.

5

What happens if CVE-2021-3609 is successfully exploited?

If exploited, CVE-2021-3609 could lead to memory corruption, a system crash, or privilege escalation to root.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203