CVE-2021-26708

Published: 05 Feb. 2021
Source: redhat
CVSS3: 7.8

Description

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

A flaw was found in the Linux kernel. Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Report

This issue does affect the Red Hat Enterprise Linux 8 kernel versions kernel-4.18.0-240 onwards, starting with Red Hat Enterprise Linux 8.3 GA, which introduced VSOCK multi-transport support. Prior Red Hat Enterprise Linux kernel versions are not affected by this issue.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | | |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | | |
| Red Hat Enterprise Linux 9 | kernel | Not affected | | |
| Red Hat Enterprise Linux 8 | kernel-rt | Fixed | RHSA-2021:1081 | 06.04.2021 |
| Red Hat Enterprise Linux 8 | kernel | Fixed | RHSA-2021:1093 | 06.04.2021 |


Additional information

Status: Important
Defect: CWE-362
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1925588 (kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c)

CVSS3: 7.8 High

Related vulnerabilities

CVSS3: 7
ubuntu
more than 4 years ago

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

CVSS3: 7
nvd
more than 4 years ago

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

CVSS3: 7
msrc
more than 4 years ago

No description available

CVSS3: 7
debian
more than 4 years ago

A local privilege escalation was discovered in the Linux kernel before ...

CVSS3: 7
github
about 3 years ago

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
