Severity
Medium
Analysis Summary
CVE-2021-33624
Linux Kernel could allow an attacker to obtain sensitive information, caused by a flaw in the BPF protection against speculative execution attacks. By executing a specially-crafted BPF program, an attacker could exploit this vulnerability to obtain contents of arbitrary kernel memory information, and use this information to launch further attacks against the affected system.
CVE-2021-3609
Linux Kernel could allow an authenticated attacker to gain elevated privileges on the system, caused by a race condition in net/can/bcm.c. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges as root.
Impact
- Information Theft
- Elevated Privileges
- Unauthorized Access
Affected Vendors
Linux
Affected Products
- Linux Kernel 2.6.25
- Linux Kernel 2.6.26
- Linux Kernel 2.6.27
- Linux Kernel 2.6.28
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.