Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-2
#1
Quote:The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).
 
These vulnerabilities result from race conditions that were implicitly added with [color=var(--theme-link_a)]virtual socket multi-transport support. They appeared in Linux kernel version 5.5 in November 2019. The vulnerable kernel drivers (CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS) are shipped as kernel modules in all major GNU/Linux distributions. The vulnerable modules are automatically loaded when an AF_VSOCK socket is created. This ability is available to unprivileged users.[/color]
 
“I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security,” said Popov.
 
The researcher prepared the fixing patch and disclosed the vulnerabilities responsibly to the Linux kernel security team. The [color=var(--theme-link_a)]patch has been merged into mainline kernel version 5.11-rc7 and backported into affected stable trees.[/color]


Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Singapore distances itself from local crypto companies mrtrout 0 1,561 07-21-2022 , 08:20 PM
Last Post: mrtrout
  Top Linux Vulnerabilities Exploited by Hackers mrtrout 0 680 08-27-2021 , 01:12 AM
Last Post: mrtrout
  Google funds Linux maintainers to boost Linux kernel security Bjyda 0 1,068 02-24-2021 , 11:39 PM
Last Post: Bjyda
  Popular SHAREit app is affected by severe flaws yet to be fixed Bjyda 0 1,124 02-16-2021 , 09:14 PM
Last Post: Bjyda
  183 Brit local authorities operate 80,000 CCTV cams between them mrtrout 0 1,629 11-07-2020 , 02:03 AM
Last Post: mrtrout



Users browsing this thread: 1 Guest(s)