CVE-2021-3609: 
Linux Kernel vulnerability analysis and mitigation

CVE-2021-3609 is a race condition vulnerability discovered in the CAN BCM networking protocol of the Linux kernel, affecting versions from 2.6.25 to 5.13-rc6. The vulnerability was initially reported by syzbot and later confirmed exploitable by Norbert Slusarek. The flaw allows a local attacker to abuse the CAN subsystem to corrupt memory, crash the system, or escalate privileges to root (OSS Security, NVD).

The vulnerability exists in net/can/bcm.c where a race condition occurs between bcmrelease() and bcmrxhandler(). When a message is received in bcmrxhandler(), the socket can be closed in bcmrelease() which will free the struct bcmsock and struct bcmop, leading to use-after-free vulnerabilities. The issue has a CVSS v3.1 base score of 7.0 (HIGH) with vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD, GitHub Exploit).

Successful exploitation of this vulnerability could lead to local privilege escalation to root, disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability is particularly impactful as it affects a wide range of Linux kernel versions and can be exploited by a local attacker to gain elevated privileges (NetApp Advisory).

The vulnerability was patched by adding synchronizercu() calls in the Linux kernel to ensure proper synchronization before freeing the affected structures. The fix was implemented in Linux kernel version 5.13 through commit d5f9023fa61ee8b94f37a93f08e94b136cf1e463. The patch ensures that bcmrx_handler() won't be called anymore for the affected operations before they are freed (Linux Commit).