7
CVE-2021-26708
- EPSS 0.88%
- Veröffentlicht 05.02.2021 14:15:18
- Zuletzt bearbeitet 21.11.2024 05:56:42
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.13
Netapp ≫ Aff Baseboard Management Controller Version-
Netapp ≫ Cloud Backup Version-
Netapp ≫ Fas Baseboard Management Controller Version-
Netapp ≫ Solidfire & Hci Management Node Version-
Netapp ≫ Solidfire Baseboard Management Controller Version-
Netapp ≫ Baseboard Management Controller 500f Firmware Version < 15.3
Netapp ≫ Baseboard Management Controller A250 Firmware Version < 15.3
Netapp ≫ Hci H410c Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.746 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
CWE-667 Improper Locking
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.