A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel
Netapp
  • 500f
  • A250
  • Aff Baseboard Management Controller
  • Baseboard Management Controller 500f Firmware
  • Baseboard Management Controller A250 Firmware
  • Cloud Backup
  • Fas Baseboard Management Controller
  • Hci H410c
  • Hci H410c Firmware
  • Solidfire \& Hci Management Node
  • Solidfire Baseboard Management Controller
Redhat
  • Enterprise Linux

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:baseboard_management_controller_500f_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:baseboard_management_controller_a250_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 8
kernel-rt-0:4.18.0-240.22.1.rt7.77.el8_3 cpe:/a:redhat:enterprise_linux:8::nfv RHSA-2021:1081 2021-04-06T00:00:00Z
kernel-0:4.18.0-240.22.1.el8_3 cpe:/o:redhat:enterprise_linux:8 RHSA-2021:1093 2021-04-06T00:00:00Z
References
Link Providers
http://www.openwall.com/lists/oss-security/2021/02/05/6 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2021/04/09/2 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2022/01/25/14 cve-icon cve-icon
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 cve-icon cve-icon
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-26708 cve-icon
https://security.netapp.com/advisory/ntap-20210312-0008/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-26708 cve-icon
https://www.openwall.com/lists/oss-security/2021/02/04/5 cve-icon cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-05T07:41:12

Updated: 2024-08-03T20:33:41.296Z

Reserved: 2021-02-05T00:00:00

Link: CVE-2021-26708

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2021-02-05T14:15:18.780

Modified: 2023-11-09T13:57:20.637

Link: CVE-2021-26708

cve-icon Redhat

Severity : Important

Publid Date: 2021-02-05T00:00:00Z

Links: CVE-2021-26708 - Bugzilla