7

CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.6% 0.727
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7 1 5.9
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

http://www.openwall.com/lists/oss-security/2021/02/05/6
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2021/04/09/2
Mailing List
http://www.openwall.com/lists/oss-security/2022/01/25/14
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13
Vendor Advisory
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446
Patch
Vendor Advisory
https://security.netapp.com/advisory/ntap-20210312-0008/
Patch
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/02/04/5
Patch
Third Party Advisory
Mailing List