Patches for CVE-2021-26708 are being delivered - TuxCare

Patches for CVE-2021-26708 are being delivered

KernelCare Team

February 10, 2021

VSOCK

patches for CVE-2021-26708 are being delivered

 

A new week, a new vulnerability announced. This time, it affects kernels starting from version 5.5-rc1 (November 2019) up 5.10.13 (February 2021).

This vulnerability is an improperly handled race condition in the AF_VSOCK implementation, a kernel facility available to unprivileged users that is shipped as a kernel module in all major distributions.

It allows an unprivileged local user to write a malicious program that provides privilege escalation and full system access as a consequence.

It was introduced in the kernel as part of a patch that introduced multi-transport VSOCK support. This code would have locks in place that didn’t account for the possibility of a variable change on a different but related code path.

This specific kernel functionality (VSOCK) was not particularly affected by vulnerabilities over the years (only three kernel vulnerabilities mention VSOCK over the last 8 years), but it does raise the point that, wherever a security specialist digs deep enough, something ends up vulnerable.

This vulnerability was (responsibly) disclosed on the OSS-Security mailing list, and code patches fixing it have been merged as of version 5.10.13. The kernel being used on major distributions is receiving vendor-supplied patches.

If you prefer to patch it without waiting for a maintenance window or without rebooting your system, KernelCare is now receiving patches for this vulnerability that are applied without disruption. EL8 already has patches ready, the other supported distributions will receive them shortly as well.

A detailed article will be up in the blog soon.

Stay in the Loop

Resources

State of Enterprise Linux Cybersecurity ... Read More State of Enterprise Linux Cybersecurity ...
Dangerous remotely exploitable vulnerability ... Read More Dangerous remotely exploitable vulnerability ...
Securing confidential research data ... Read More Securing confidential research data ...
State of Enterprise Vulnerability Detection ... Read More State of Enterprise Vulnerability Detection ...
Demand for Rapid Risk Elimination for ... Read More Demand for Rapid Risk Elimination for ...
TuxCare Free Raspberry Pi Patching Read More TuxCare Free Raspberry Pi Patching