CVE-2021-26708

moderate-risk
Published 2021-02-05

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Do I need to act?

-
0.94% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10 High
LOCAL / HIGH complexity

Affected Products (9)

Aff Baseboard Management Controller
Baseboard Management Controller 500F Firmware
Baseboard Management Controller A250 Firmware
Hci H410C Firmware

Affected Vendors

Linux Netapp

References (14)

Mailing List http://www.openwall.com/lists/oss-security/2021/02/05/6
Mailing List http://www.openwall.com/lists/oss-security/2021/04/09/2
Mailing List http://www.openwall.com/lists/oss-security/2022/01/25/14
Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5...
Patch https://security.netapp.com/advisory/ntap-20210312-0008/
Mailing List https://www.openwall.com/lists/oss-security/2021/02/04/5
Mailing List http://www.openwall.com/lists/oss-security/2021/02/05/6
Mailing List http://www.openwall.com/lists/oss-security/2021/04/09/2
Mailing List http://www.openwall.com/lists/oss-security/2022/01/25/14
Release Notes https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
Patch https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5...
Patch https://security.netapp.com/advisory/ntap-20210312-0008/
Mailing List https://www.openwall.com/lists/oss-security/2021/02/04/5
36
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 3/34 · Minimal
Exposure 15/34 · Moderate