Yet Another Futex Vulnerability Found in the Kernel (CVE-2021-3347)

Linux vulnerabilities pile up. Year in, year out. You could say it’s inevitable really, given today’s complex computing environment. It is nonetheless frustrating when the same critical elements of the Linux OS kernel continue to surface as a vulnerable area.

Up to and including 2020, there are fourteen listed CVEs that cover the Linux futex implementation. Granted, futexes are formidably complex. Though they provide essential functionality, they are often not clearly understood, and some might argue that vulnerabilities are inevitable given the complexity of the futex implementation.

Unfortunately, at the end of January 2021, another Linux kernel vulnerability that involves futex mishandling emerged. Worse, it involves a dangerous use-after-free vulnerability.
