A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
Weakness: Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
This section is open source, for any additional information that enhances or clarifies the official advisory above.
CVE-2021-26708 Exploits (1)
- jordan9001/vsock_poc ( 3)