A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Netapp
  • 500f
  • Hci H410c
  • A250
  • Hci H410c Firmware
  • Cloud Backup
  • Baseboard Management Controller A250 Firmware
  • Solidfire Baseboard Management Controller
  • Fas Baseboard Management Controller
  • Aff Baseboard Management Controller
  • Solidfire \& Hci Management Node
  • Baseboard Management Controller 500f Firmware
Linux
  • Linux Kernel

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:netapp:baseboard_management_controller_500f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:netapp:baseboard_management_controller_a250_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:*
References
Link Resource
http://www.openwall.com/lists/oss-security/2021/02/05/6 Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/04/09/2 Mailing List
http://www.openwall.com/lists/oss-security/2022/01/25/14 Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 Release Notes Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 Patch Vendor Advisory
https://security.netapp.com/advisory/ntap-20210312-0008/ Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/04/5 Mailing List Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-05T07:41:12

Updated: 2022-01-26T00:06:12

Reserved: 2021-02-05T00:00:00

Link: CVE-2021-26708

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2021-02-05T14:15:18.780

Modified: 2023-11-09T13:57:20.637

Link: CVE-2021-26708

JSON object: View

cve-icon Redhat Information

No data.

CWE