CVE-2021-32606

HIGH

Linux Kernel 5.11-5.12.2 - Use-After-Free in CAN ISOTP Setsockopt

Title source: llm
STIX 2.1

Description

In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)

Scores

CVSS v3 7.8
EPSS 0.0042
EPSS Percentile 33.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (4)
fedoraproject/fedora 32
fedoraproject/fedora 33
fedoraproject/fedora 34
linux/linux_kernel 5.11 - 5.12.9
Published May 11, 2021
Tracked Since Feb 18, 2026