Multiple Linux Kernel Vulnerabilities Could Allow Privilege Escalation

Heads up, Linux users! Numerous vulnerabilities have been discovered in the Linux kernel that could allow privilege escalation. Patches are out, so make sure to update your devices at the earliest.

Linux Kernel Vulnerabilities Fixed

Alexander Popov, a security researcher at Positive Technologies, has found numerous vulnerabilities affecting the Linux kernel. Positive Technologies disclosed the existence of five security flaws in the kernel in a recent update.

Elaborating in another post, Popov said that he found these vulnerabilities in the AF_VSOCK implementation. He identified them as race conditions that could allow an adversary to gain elevated privileges on the target system.

He exploited one of them to demonstrate local privilege escalation on a “Fedora Server 33 for x86_64, bypassing SMEP and SMAP”.

Describing these bugs, Popov stated,

CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS are shipped as kernel modules in all major GNU/Linux distributions. The vulnerable modules are automatically loaded when you create a socket for AF_VSOCK. That is available for unprivileged users and user namespaces are not needed for that.
These vulnerabilities are race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c.

These vulnerabilities date back to November 2019, to the commits that added VSOCK multi-transport support:

The race conditions were implicitly introduced in November 2019 in the commits c0cfa2d8a788fcf4 and 6a2c0962105ae8ce that added VSOCK multi-transport support. These commits were merged in the Linux kernel v5.5-rc1.

These bugs have received the identifier CVE-2021-26708 and a high-severity rating, with a CVSS score of 7.0.

Patches Rolled Out

Fortunately, Popov fixed these bugs before any active exploitation. He has confirmed that the patches were merged into the mainline kernel in version 5.11-rc7.

Also, the fixes have been “backported into the stable affected trees”.
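As an added example that is not part of this article or of Popov's own write-up, the following POSIX shell helper turns the facts above into read-only checks a defender can run. It classifies a kernel version against the ranges the article gives (bug introduced in v5.5-rc1, fix in v5.11-rc7, backports into the stable trees in between), lists the vsock modules resident in /proc/modules, and reports whether a modprobe.d "install vsock /bin/false" directive already prevents the automatic module load that Popov says happens when any unprivileged user creates an AF_VSOCK socket. The module names vsock and vmw_vsock_* are the upstream ones; the function names and every sample input are my own, constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not code from the article or from Positive Technologies):
# read-only triage helper for CVE-2021-26708 exposure on a Linux host.

# Constructed sample of /proc/modules-style lines: name size refcount deps state addr.
SAMPLE_MODULES="vmw_vsock_virtio_transport 16384 0 - Live 0x0000000000000000
vmw_vsock_virtio_transport_common 32768 1 vmw_vsock_virtio_transport, Live 0x0000000000000000
vsock 49152 2 vmw_vsock_virtio_transport,vmw_vsock_virtio_transport_common, Live 0x0000000000000000
ext4 778240 1 - Live 0x0000000000000000"

# Constructed sample of a modprobe.d file that stops the vsock core from loading,
# including the kernel's own autoload on AF_VSOCK socket creation.
SAMPLE_MODPROBE_CONF="# keep AF_VSOCK socket creation from pulling in the vsock modules
install vsock /bin/false"

# vsock_version_status VERSION
# Prints one of: predates-bug, mainline-vulnerable, fixed-mainline, stable-check-backport.
# The bug landed in v5.5-rc1 and the fix in v5.11-rc7. For 5.5 through 5.10 distro
# kernels the answer depends on whether the stable backport is present, which a
# base version alone cannot tell, so the function says so instead of guessing.
vsock_version_status() {
  ver=$1
  major=${ver%%.*}
  rest=${ver#*.}
  minor=${rest%%.*}
  minor=${minor%%[!0-9]*}              # "11-rc6" -> "11"
  rc=""
  case "$ver" in
    *[.-]rc[0-9]*) rc=${ver##*[.-]rc}; rc=${rc%%[!0-9]*} ;;   # "5.11-rc6" -> "6"
  esac
  key=$((major * 1000 + minor))
  if [ "$key" -lt 5005 ]; then
    echo predates-bug
  elif [ "$key" -gt 5011 ]; then
    echo fixed-mainline
  elif [ "$key" -eq 5011 ]; then
    if [ -n "$rc" ] && [ "$rc" -lt 7 ]; then echo mainline-vulnerable; else echo fixed-mainline; fi
  elif [ -n "$rc" ]; then
    echo mainline-vulnerable           # a 5.5-rc1 .. 5.10-rcN development kernel
  else
    echo stable-check-backport         # 5.5 .. 5.10.y: fixed only at a patch level carrying the backport
  fi
}

# loaded_vsock_modules MODULES_TEXT
# Prints, one per line, the vsock-related modules named in /proc/modules-style text.
loaded_vsock_modules() {
  printf '%s\n' "$1" | while read -r name _; do
    case "$name" in
      vsock|vmw_vsock_*) echo "$name" ;;
    esac
  done
}

# vsock_autoload_blocked MODPROBE_CONF_TEXT
# Succeeds if the text carries "install vsock /bin/false" (or /bin/true), which makes
# every load request for the vsock core a no-op. A bare "blacklist vsock" only
# disables the module's aliases, so an explicit modprobe would still load it; it is
# therefore not counted as blocking.
vsock_autoload_blocked() {
  printf '%s\n' "$1" | grep -Eq '^[[:space:]]*install[[:space:]]+vsock[[:space:]]+/bin/(false|true)([[:space:]]|$)'
}

# vsock_triage VERSION MODULES_TEXT MODPROBE_CONF_TEXT
# Prints a one-line verdict combining the three checks.
vsock_triage() {
  status=$(vsock_version_status "$1")
  loaded=$(loaded_vsock_modules "$2" | tr '\n' ' ')
  if vsock_autoload_blocked "$3"; then blocked=yes; else blocked=no; fi
  echo "kernel=$status loaded_modules=[${loaded% }] autoload_blocked=$blocked"
}

# Run against the constructed samples, then against this host if /proc/modules exists.
vsock_triage "5.10.12-200.fc33.x86_64" "$SAMPLE_MODULES" ""
vsock_triage "5.11-rc6" "" "$SAMPLE_MODPROBE_CONF"
if [ -r /proc/modules ]; then
  vsock_triage "$(uname -r)" "$(cat /proc/modules)" "$(cat /etc/modprobe.d/*.conf 2>/dev/null)"
fi
```

The version check is deliberately conservative for 5.5 through 5.10 distribution kernels: since the fix was backported into the stable trees, whether a given 5.10.y kernel is fixed depends on its patch level and the distribution's changelog, not on the base series. The modprobe.d check is the mitigation a defender can apply on hosts that have no use for AF_VSOCK (a guest-host channel for VMware and virtio guests), because it removes the unprivileged autoload path Popov describes without touching the kernel itself.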

As Positive Technologies elaborated, this isn’t the first time Popov has found and patched a vulnerability. Earlier, he caught and fixed two other Linux kernel bugs, CVE-2017-2636 and CVE-2019-18683, in 2017 and 2020 respectively.
