Lucene search
UbuntuUSN-5002-1HistoryJun 23, 2021 - 12:00 a.m.
Linux kernel (HWE) vulnerability
2021-06-2300:00:00
ubuntu.com
132
ubuntu 18.04
linux kernel
hwe
vulnerability
google container engine
gke
raspberry pi v8
race condition
can bcm
networking protocol
use-after-free
arbitrary code
local attacker
esm
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
Releases
- Ubuntu 18.04 ESM
Packages
- linux-gke-5.3 - Linux kernel for Google Container Engine (GKE) systems
- linux-hwe - Linux hardware enablement (HWE) kernel
- linux-raspi2-5.3 - Linux kernel for Raspberry Pi (V8) systems
Details
Norbert Slusarek discovered a race condition in the CAN BCM networking
protocol of the Linux kernel leading to multiple use-after-free
vulnerabilities. A local attacker could use this issue to execute arbitrary
code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | linux-image-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-cloud-tools-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-headers-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-modules-extra-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-tools-gkeop-5.3 | < 5.3.0.75.132 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-image-gke-5.3 | < 5.3.0.1044.27 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-gke-5.3 | < 5.3.0.1044.27 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-headers-gke-5.3 | < 5.3.0.1044.27 | UNKNOWN |
| Ubuntu | 18.04 | noarch | linux-modules-extra-gke-5.3 | < 5.3.0.1044.27 | UNKNOWN |
References
Related
openvas
openvas
Ubuntu: Security Advisory (USN-5002-1)
2021-06-24 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2842-1)
2021-08-26 00:00:00
Fedora: Security Advisory for kernel (FEDORA-2021-fe826f202e)
2021-07-11 00:00:00
nessus
nessus
Photon OS 1.0: Linux PHSA-2021-1.0-0408
2021-07-01 00:00:00
Photon OS 4.0: Linux PHSA-2021-4.0-0052
2021-06-25 00:00:00
Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerability (USN-5002-1)
2021-06-23 00:00:00
veracode
veracode
Privilege Escalation
2021-08-12 15:39:39
prion
prion
Race condition
2022-03-03 19:15:00
photon
photon
cnvd
cnvd
Linux Kernel Elevation of Privilege Vulnerability (CNVD-2021-60529)
2021-06-22 00:00:00
redhatcve
redhatcve
CVE-2021-3609
2021-06-21 15:38:03
cve
cve
CVE-2021-3609
2022-03-03 19:15:08
nvd
nvd
CVE-2021-3609
2022-03-03 19:15:08
osv
osv
CVE-2021-3609
2022-03-03 19:15:08
linux-hwe, linux-gke-5.3, linux-raspi2-5.3 vulnerability
2021-06-23 04:12:41
Important: kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
debiancve
debiancve
CVE-2021-3609
2022-03-03 19:15:08
cbl_mariner
cbl_mariner
CVE-2021-3609 affecting package kernel 5.10.189.1-1
2022-03-10 23:47:45
ubuntu
ubuntu
Kernel Live Patch Security Notice
2021-07-19 00:00:00
Linux kernel (OEM) vulnerabilities
2021-09-16 00:00:00
Linux kernel vulnerabilities
2021-06-23 00:00:00
cvelist
cvelist
CVE-2021-3609
2022-03-03 18:24:59
ubuntucve
ubuntucve
CVE-2021-3609
2021-06-21 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-28390, CVE-2021-3609
2022-04-19 14:04:12
Fix of CVE: CVE-2021-3609, CVE-2022-28390
2022-04-19 14:03:46
fedora
fedora
[SECURITY] Fedora 33 Update: kernel-5.12.14-200.fc33
2021-07-08 01:08:51
[SECURITY] Fedora 34 Update: kernel-5.12.14-300.fc34
2021-07-08 00:58:19
ibm
ibm
archlinux
archlinux
[ASA-202107-50] linux-hardened: privilege escalation
2021-07-21 00:00:00
[ASA-202107-51] linux-lts: privilege escalation
2021-07-21 00:00:00
[ASA-202107-49] linux-zen: privilege escalation
2021-07-21 00:00:00
redhat
redhat
(RHSA-2021:3057) Important: kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
(RHSA-2021:3044) Important: kpatch-patch security update
2021-08-10 10:46:54
(RHSA-2021:3442) Important: kpatch-patch security update
2021-09-07 14:24:32
almalinux
almalinux
Important: kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
mageia
mageia
Updated kernel packages fix security vulnerabilities
2021-07-22 10:08:00
Updated kernel-linus packages fix security vulnerabilities
2021-07-22 10:08:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2021-08-11 00:00:00
Unbreakable Enterprise kernel-container security update
2021-09-16 00:00:00
Unbreakable Enterprise kernel security update
2021-09-16 00:00:00
rocky
rocky
kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
kernel-rt security and bug fix update
2021-08-10 12:10:45
debian
debian
[SECURITY] [DLA 2713-1] linux security update
2021-07-20 19:50:49
[SECURITY] [DSA 4941-1] linux security update
2021-07-20 12:53:32
[SECURITY] [DSA 4941-1] linux security update
2021-07-20 12:53:32
suse
suse
Security update for the Linux Kernel (important)
2021-07-22 00:00:00
Security update for the Linux Kernel (important)
2021-08-10 00:00:00
Security update for the Linux Kernel (important)
2021-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-5000-1: Linux kernel vulnerabilities | Cloud Foundry
2021-07-08 00:00:00
amazon
amazon
Important: kernel
2021-09-30 19:25:00
redos
redos
ROS-20220919-01
2022-09-19 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for USN-5002-1