The KernelCare team announced that the patches addressing CVE-2021-26708 are currently being delivered. The vulnerability affects kernels starting from version 5.5-rc1 to 5.10.13. It is caused by an improperly handled race condition in the AF_VSOCK implementation, which is available to unprivileged users and shipped as a kernel module in all major distributions.
Privilege escalation and full system access
The vulnerability allows an unprivileged user to execute a malicious program, which provides privilege escalation, and as a consequence full system access. It was introduced as a part of a patch that also introduced multi-transport VSOCK and it would have locks in place that didn’t account for the possibility of a variable change on a different but related code path.
The vulnerability was disclosed on the OSS-Security mailing list and patches fixing it have been merged as of version 5.10.13, which is used on major distribution and receives vendor-supplied patches. KernelCare is now receiving patches for this vulnerability. KernelCare also allows users to patch it without waiting for a maintenance window or without rebooting the system. According to the announcement made by the company, EL8 already has patches ready, the other supported distributions will also receive them shortly.
See more Linux News