Product: Enterprise_linux_for_ibm_z_systems_eus_s390x (Redhat)
Repositories: Unknown. This might be proprietary software.
#Vulnerabilities: 2
| Date | Id | Summary | Products | Score | Patch | Annotated |
| --- | --- | --- | --- | --- | --- | --- |
| 2022-03-03 | CVE-2021-3609 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kernel allows for local privilege escalation to root. | | | | |
| | | In systemd 240, bus_open_system_watch_bind_with_description in shared/bus-util.c (as used by systemd-resolved to connect to the system D-Bus instance), calls sd_bus_set_trusted, which disables access controls for incoming D-Bus messages. An unprivileged user can exploit this by executing D-Bus methods that should be restricted to privileged users, in order to change the system's DNS resolver settings. | | | | |