Security News > 2021 > March > Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)

Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708)
2021-03-03 14:00

Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel.

The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server.

They appeared in Linux kernel version 5.5 in November 2019.

The vulnerable kernel drivers are shipped as kernel modules in all major GNU/Linux distributions.

"I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86 64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security," said Popov.

The researcher prepared the fixing patch and disclosed the vulnerabilities responsibly to the Linux kernel security team.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/vVudBUMhKZM/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2572 1587 67 4290
Kernel 3 0 7 4 1 12