QwikSec

Security Database

CVE

CWE

Training

CVE-2021-26708

Published: Feb 5, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446

x_refsource_MISC

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/02/04/5

x_refsource_MISC

[oss-security] 20210205 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20210312-0008/

x_refsource_CONFIRM

[oss-security] 20210409 Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation

mailing-list

x_refsource_MLIST

[oss-security] 20220125 CVE-2022-0185: Linux kernel slab out-of-bounds write: exploit and writeup

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.