PT-2021-6072 · Linux+5 · Linux Kernel+5

Valentina Palmiotti · Published 2021-09-19 · Updated 2025-09-29 · CVE-2021-41073

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 5.10 through 5.14.6

Description

The issue is a buffer overflow in the loop_rw_iter function of the Linux kernel's io_uring subsystem that allows local users to gain privileges. It is caused by an error in the implementation of the io_uring interface that leads to access to already freed memory blocks. A working exploit can be created for this vulnerability, allowing privilege escalation.

Recommendations

For Linux kernel versions 5.10 through 5.14.6, update to a version that includes the patch for this issue. As a temporary workaround, consider restricting access to the io_uring subsystem to minimize the risk of exploitation. Avoid using the loop_rw_iter() function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Buffer Overflow

Improper Privilege Management

Weakness Enumeration

Related Identifiers

ALSA-2024_2394
ALSA-2025_16880
ALT-PU-2021-2902
ALT-PU-2021-2912
ALT-PU-2021-2915
ALT-PU-2021-2919
ALT-PU-2021-2926
ALT-PU-2021-2938
ALT-PU-2021-2984
ALT-PU-2021-3041
ALT-PU-2021-3055
ALT-PU-2021-3451
ALT-PU-2021-3458
ALT-PU-2021-3468
ALT-PU-2021-3477
ALT-PU-2021-3563
ALT-PU-2021-3573
ALT-PU-2023-4894
AZL-6596
BDU:2022-00681
CVE-2021-41073
DSA-4978-1
MGASA-2021-0459
MGASA-2021-0460
USN-5092-1
USN-5092-2
USN-5092-3
USN-5096-1
USN-5106-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu