#VU52036 Improper Privilege Management in Linux kernel


Published: 2021-07-07 | Updated: 2023-12-03

Vulnerability identifier: #VU52036

Vulnerability risk: Low

CVSSv3.1: 7.5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-26708

CWE-ID: CWE-269

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://www.openwall.com/lists/oss-security/2021/02/05/6
http://www.openwall.com/lists/oss-security/2021/04/09/2
http://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446
http://security.netapp.com/advisory/ntap-20210312-0008/
http://www.openwall.com/lists/oss-security/2021/02/04/5

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes
Multiple vulnerabilities in Red Hat Advanced Cluster Management for Kubernetes
Red Hat Enterprise Linux 8 update for kernel-rt
Red Hat Enterprise Linux 8 update for kernel
Ubuntu update for linux