Summaryinfo

A vulnerability was found in Linux Kernel and classified as critical. This impacts an unknown function of the component CAN Subsystem. Executing a manipulation can lead to race condition. This vulnerability is registered as CVE-2021-3609. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability has been found in Linux Kernel (Operating System) (the affected version is unknown) and classified as critical. This vulnerability affects an unknown code of the component CAN Subsystem. The manipulation with an unknown input leads to a race condition vulnerability. The CWE definition for the vulnerability is CWE-362. The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was published 03/04/2022. The advisory is available at github.com. This vulnerability was named CVE-2021-3609 since 06/18/2021. The technical details are unknown and an exploit is not available.

Applying the patch d5f9023fa61ee8b94f37a93f08e94b136cf1e463 is able to eliminate this problem. The bugfix is ready for download at github.com.

Once again VulDB remains the best source for vulnerability data.

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

License

• open-source

Website

• Vendor: https://www.kernel.org/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion