A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2021/02/05/6 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2021/04/09/2 | Mailing List |
http://www.openwall.com/lists/oss-security/2022/01/25/14 | Mailing List |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 | Release Notes Vendor Advisory |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 | Patch Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210312-0008/ | Patch Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/02/04/5 | Mailing List Patch Third Party Advisory |
History
09 Nov 2023, 13:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-667 | |
CPE | cpe:2.3:h:netapp:baseboard_management_controller_500f:-:*:*:*:*:*:*:* | cpe:2.3:h:netapp:500f:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:* |
First Time | Netapp 500f Netapp a250 |
25 Feb 2022, 19:07
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp hci H410c Firmware Netapp hci H410c Netapp fas Baseboard Management Controller Netapp baseboard Management Controller 500f Firmware Netapp baseboard Management Controller A250 Netapp Netapp baseboard Management Controller 500f Netapp solidfire \& Hci Management Node Netapp aff Baseboard Management Controller Netapp baseboard Management Controller A250 Firmware Netapp solidfire Baseboard Management Controller Netapp cloud Backup |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210312-0008/ - Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/04/09/2 - Mailing List | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/01/25/14 - Mailing List | |
CPE | cpe:2.3:o:netapp:baseboard_management_controller_500f_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_a250:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:fas_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:aff_baseboard_management_controller:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:hci_h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:hci_h410c:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:baseboard_management_controller_a250_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:baseboard_management_controller_500f:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:* |
26 Jan 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Mar 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Mar 2021, 14:47
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 - Release Notes, Vendor Advisory |
11 Feb 2021, 00:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CVSS | v2 : v3 : | v2 : 6.9 v3 : 7.0 |
References | (MISC) https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 - Patch, Release Notes, Vendor Advisory | |
References | (MISC) https://www.openwall.com/lists/oss-security/2021/02/04/5 - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/02/05/6 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
05 Feb 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Feb 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-05 14:15
Updated : 2023-12-10 13:41
NVD link : CVE-2021-26708
Mitre link : CVE-2021-26708
CVE.ORG link : CVE-2021-26708
Products Affected
netapp
- aff_baseboard_management_controller
- baseboard_management_controller_500f_firmware
- hci_h410c_firmware
- cloud_backup
- a250
- baseboard_management_controller_a250_firmware
- solidfire_\&_hci_management_node
- hci_h410c
- 500f
- fas_baseboard_management_controller
- solidfire_baseboard_management_controller
linux
- linux_kernel
CWE
CWE-667
Improper Locking