The KernelCare team announced that patches addressing CVE-2021-26708 are currently being delivered. The vulnerability affects kernels from version 5.5-rc1 to 5.10.13. It is caused by an improperly handled race condition in the AF_VSOCK implementation, which is available to unprivileged users and is shipped as a kernel module in all major distributions.
Privilege escalation and full system access
The vulnerability allows an unprivileged user to execute a malicious program that provides privilege escalation and, as a consequence, full system access. It was introduced as part of a patch that also introduced multi-transport VSOCK: the locks that patch put in place did not account for the possibility of a variable being changed on a different but related code path.
The vulnerability was disclosed on the OSS-Security mailing list, and patches fixing it have been merged as of version 5.10.13, which is used on major distributions and receives vendor-supplied patches. KernelCare is now receiving patches for this vulnerability. KernelCare also allows users to patch it without waiting for a maintenance window or rebooting the system. According to the company's announcement, EL8 already has patches ready, and the other supported distributions will receive them shortly.