CVE-2021-26708

Published: 05/02/2021 Updated: 25/02/2022
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A local privilege escalation exists in the Linux kernel prior to 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Vulnerable Products

linux: linux kernel
netapp: cloud backup
netapp: fas baseboard management controller
netapp: aff baseboard management controller
netapp: solidfire & hci management node
netapp: solidfire baseboard management controller
netapp: baseboard_management_controller_500f_firmware
netapp: baseboard_management_controller_a250_firmware
netapp: hci_h410c_firmware

Vendor Advisories

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support ...

Mailing Lists

Hello! I published a detailed article about exploiting CVE-2021-26708 in AF_VSOCK implementation: a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html. In this article I describe how to gain local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP. The race condition may cause write-after-free of a 4-byte controlle ...
On February 5, 2021 12:43:31 AM GMT+03:00, Alexander Popov <alexpopov () linux com> wrote: CVE-2021-26708 is assigned to these issues: nvd.nist.gov/vuln/detail/CVE-2021-26708 Best regards, Alexander ...
Hi all, Now that the discoverers of this bug (CVE-2022-0185) have published their exploit and writeup (twitter.com/cor_ctf/status/1486022971034529794), here is the exploit I wrote (attached) and a short writeup: # Exploiting CVE-2022-0185: A Linux kernel slab out-of-bounds write. Last week, a newly discovered vulnerability was announced ...

Github Repositories

RPMs from now on only. debian/ubuntu/kali users should use the packages 'dpkg and alien to convert RPMs to DEBs on their systems': alien --scripts *.rpm. 03-04-2021 update: penguin-expSEHDsec-5.11.0 -> (NVIDIA-Linux-x86_64-460.56.run), improvements for Xen, still supporting KVM + Docker, patched for www.helpnetsecurity.com/2021/03/03/cve-2021-26708/ (CV

Vault Range PoC Project. Vault Range PoC: Know your enemy and yourself to build a better defense-in-depth solution! HardenedVault will share some of the technical experience we gained during the daily work of building open source based security solutions for platform/infrastructure, e.g. Linux kernel, firmware and cryptography engineering. Any contributors are welcome as well! Proof o

vsock_poc Investigating the bug behind CVE-2021-26708

for HAXM 05-13-2021: github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio/releases/tag/haxm-experimental github.com/c4pt000/haxm raw.githubusercontent.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio/master/config-5.11.6-HAXM-expSEHDsec-c4pt000 sed -i 's/GRUB_ENABLE_BLSCFG=true/GRUB_ENABLE_BLSCFG=false/g' /etc/default/grub s

05-06-2021: added better support for AMD? by removing a lot of the framebuffer stuff for RADEON, AMDGPU ┌─[root@fedora]─[/home/c4pt/Desktop/CURRENT-expSEHDsec-HAXM+docker+cgroup] └──╼ #cat config-5.11.6-HAXM-expSEHDsec-c4pt000 | grep RADEON # CONFIG_DRM_RADEON is not set # CONFIG_FB_RADEON is not set ┌─[root@fedora]─[/home/c4pt/Desktop/CURRENT-expSEHDsec-HAXM

10-28-2021: re-added RTL8812au (kali wifi driver known for realtek wifi high-powered usb cards) directly to the kernel as a running module at boot, delayed from the kernel changing slightly from 4.4.167 to 5.11; also the changes to RTL8812au which created a problem as a conflict between other realtek modules due to the hardware abstraction layer source code which is part of rtw88_

update 04-24-2021 note: had a problem with MUTEX, had to change MUTEX debug flags to recompile NVIDIA-Linux-x86_64-460.56.run for the current updated running kernel; this version still seems to work as it did with 5.11.6 (even though this is the same base and not a kernel subversion up). Releases RPMs: github.com/c4pt000/kernel-5.11.6-expSEHDsec/releases/tag/5.11.6-expSEHDs

SOURCE build based on 5.11.6 with config changes for expSEHDsec, penguin_logo, hid-xpadneo joystick module (or docker run -it -d fedora:33): mkdir -p /opt/kernel-build; cd /opt/kernel-build; yum install wget -y; wget raw.githubusercontent.com/c4pt000/kernel-5.11.0-expSEHDsec/master/build-kernel.sh; source build-kernel.sh. RPMs from now on only. debian/ubuntu/kal

PoC in GitHub 2022: CVE-2022-0185 (2022-02-11). A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2021: CVE-2021-1056 (2021-01-07). NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-