Arch Linux Security Advisory ASA-202107-50

Severity: High
Date    : 2021-07-21
CVE-ID  : CVE-2021-3609 CVE-2021-3612 CVE-2021-33909
Package : linux-hardened
Type    : privilege escalation
Remote  : No
Link    :


The package linux-hardened before version 5.12.19.hardened1-1 is
vulnerable to privilege escalation.


Upgrade to 5.12.19.hardened1-1.

# pacman -Syu "linux-hardened>=5.12.19.hardened1-1"

The problems have been fixed upstream in version 5.12.19.hardened1.
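
A check for the upgrade above, as an added example that is not part of
the original advisory: it compares the installed linux-hardened package
and the running kernel against the fixed version 5.12.19.hardened1-1,
since the old kernel keeps running until reboot. The function names are
hypothetical, and the uname -r format (5.12.19-hardened1-1-hardened) is
an assumption about how the package names its kernel release.

```shell
#!/bin/sh
# Added example: compare installed and running linux-hardened against the fix.
FIXED="5.12.19.hardened1-1"   # fixed version, from the advisory

# Reduce "5.12.19.hardened1-1" (pacman) or "5.12.19-hardened1-1-hardened"
# (uname -r; format assumed) to five numbers: major minor patch hardenedN pkgrel.
normalize() {
    printf '%s\n' "$1" | sed -nE \
        's/^([0-9]+)\.([0-9]+)(\.([0-9]+))?[.-]hardened([0-9]+)-([0-9]+).*$/\1 \2 \4 \5 \6/p' |
        awk '{ if (NF == 4) print $1, $2, 0, $3, $4; else print }'
}

# Exit status: 0 if $1 >= $2, 1 if $1 < $2, 2 if either string is unparseable.
version_ge() {
    a=$(normalize "$1"); b=$(normalize "$2")
    [ -n "$a" ] && [ -n "$b" ] || return 2
    printf '%s %s\n' "$a" "$b" | awk '{
        for (i = 1; i <= 5; i++) {
            if ($i + 0 > $(i + 5) + 0) exit 0
            if ($i + 0 < $(i + 5) + 0) exit 1
        }
        exit 0
    }'
}

# Print one status line for a labelled version; return 1 unless it is fixed.
report() {
    rc=0; version_ge "$2" "$FIXED" || rc=$?
    case $rc in
        0) echo "$1: $2 (fixed)" ;;
        1) echo "$1: $2 (older than $FIXED)"; return 1 ;;
        *) echo "$1: $2 (unrecognised version string)"; return 1 ;;
    esac
}

check_host() {
    pkg=$(pacman -Q linux-hardened 2>/dev/null | awk '{ print $2 }')
    [ -n "$pkg" ] || { echo "linux-hardened is not installed"; return 0; }
    status=0
    report "installed package" "$pkg" || status=1
    # The old kernel keeps running until reboot, so check it separately.
    report "running kernel" "$(uname -r)" || status=1
    return $status
}

# Only runs on a host with pacman; elsewhere the functions are just defined.
if command -v pacman >/dev/null 2>&1; then
    check_host || echo "Action needed: upgrade and reboot into the fixed kernel."
fi
```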




- CVE-2021-3609 (privilege escalation)

A race condition in net/can/bcm.c in the Linux kernel before version
5.13.2 allows for local privilege escalation to root. The CAN BCM
networking protocol allows registering a CAN message receiver for a
specified socket. The function bcm_rx_handler() is run for incoming CAN
messages. While this function is running, the socket can be closed and
bcm_release() will be called. Inside bcm_release(), struct bcm_op and
struct bcm_sock are freed while bcm_rx_handler() is still running,
finally leading to multiple use-after-frees.

- CVE-2021-3612 (privilege escalation)

An out-of-bounds memory write security issue was found in the Linux
kernel’s joystick devices subsystem before version 5.13.2, in the way
the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to
crash the system or possibly escalate their privileges on the system.

- CVE-2021-33909 (privilege escalation)

A privilege escalation security issue has been found in the filesystem
layer of the Linux kernel before version 5.13.4. An unprivileged local
attacker can obtain full root privileges by creating, mounting, and
deleting a deep directory structure whose total path length exceeds
1GB, which leads to an uncontrolled out-of-bounds write.


An unprivileged local attacker could obtain full root privileges or
crash the system.