Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7
CVSSv3

CVE-2021-26708

Published: 05/02/2021 Updated: 09/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 617
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

A local privilege escalation exists in the Linux kernel prior to 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

netapp cloud backup -

netapp fas baseboard management controller -

netapp aff baseboard management controller -

netapp solidfire \\& hci management node -

netapp solidfire baseboard management controller -

netapp baseboard_management_controller_500f_firmware

netapp baseboard_management_controller_a250_firmware

netapp hci_h410c_firmware -

Vendor Advisories

Arch Linux Issues:
A local privilege escalation was discovered in the Linux kernel before 51013 Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsockc The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support ...

Mailing Lists

Full Disclosure: Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

Github Repositories

https://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.9.16-expSEHDsec-4.18.0-trackpad

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/jordan9001/vsock_poc

Investigating the bug behind CVE-2021-26708

vsock_poc Investigating the bug behind CVE-2021-26708 This repo contains a small writeup about CVE-2021-26708, and how this bug can be turned into a Use After Free write primitive The PoC here is not a full exploit, but just my harness I used when trying to investigate this bug It can successfully use an entry from the kmalloc-64 cache after it is freed, but doesn't hav

https://github.com/hardenedvault/vault_range_poc

Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution!

Vault Range PoC Project Vault Range PoC: Know your enemy and yourself to build better defense-in-depth solution! HardenedVault will share some of technical experience we gained during the daily work of building open source based security solution for platform/infrastructure, eg: Linux kernel, firmware and cryptography engineering Any contributors are welcomed as well! Proof o

https://github.com/c4pt000/kernel-5.11.0-expSEHDsec

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-cgroup-virtio

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi

kernel-4.4.167expSEHDsec

Fedora 34/35 ONLY! will not work on Fedora 39 01-03-2022 a host of more drivers have been enabled for SPI programming, UART, GPIO programming (programmers), enabled more legacy gamepad joystick drivers for legacy video game consoles, (NES, SNES, TURBGFX64, PS1, PS2) attempted to add more stability with mobile systems to release the usb keyboard with encrypted filesystems for

References

CWE-667https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446https://www.openwall.com/lists/oss-security/2021/02/04/5https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13http://www.openwall.com/lists/oss-security/2021/02/05/6https://security.netapp.com/advisory/ntap-20210312-0008/http://www.openwall.com/lists/oss-security/2021/04/09/2http://www.openwall.com/lists/oss-security/2022/01/25/14https://nvd.nist.govhttps://github.com/c4pt000/kernel-4.4.167expSEHDsec-4.18.0-trackpadhttp://seclists.org/oss-sec/2021/q2/14https://security.archlinux.org/CVE-2021-26708
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook