PT-2021-2217 · Linux+6 · Linux Kernel+6

Alexander Popov · Published 2021-02-01 · Updated 2024-12-19 · CVE-2021-26708

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 5.10.13

Description

A local privilege escalation issue is present in the Linux kernel due to multiple race conditions in the AF_VSOCK implementation. These conditions are caused by incorrect locking in the net/vmw_vsock/af_vsock.c file. The issue was introduced when VSOCK multi-transport support was added.

Recommendations

For Linux kernel versions prior to 5.10.13, update to version 5.10.13 or later to resolve the issue. As a temporary workaround, consider restricting access to the AF_VSOCK implementation until a patch is available.

Exploit

Fix

LPE

Improper Privilege Management

Improper Locking

Race Condition

Weakness Enumeration

Related Identifiers

ALSA-2021:1093
ALT-PU-2021-1208
ALT-PU-2021-1249
ALT-PU-2021-1339
ALT-PU-2021-1417
ALT-PU-2021-1424
ALT-PU-2021-1446
BDU:2021-01126
CESA-2021_1081
CESA-2021_1093
CVE-2021-26708
MGASA-2021-0084
MGASA-2021-0085
OPENSUSE-SU-2024:10728-1
OPENSUSE-SU-2024:13704-1
RHSA-2021:1081
RHSA-2021:1093
RHSA-2021_1081
RHSA-2021_1093
USN-4727-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Linux Kernel
Red Hat
Ubuntu