Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity). These vulnerabilities result from race conditions that were implicitly added with virtual socket multi-transport support. They appeared in Linux kernel version … More
The post Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708) appeared first on Help Net Security.