First published: Fri Feb 05 2021(Updated: )
A flaw was found in the Linux kernel. Wrong locking in the AF_VSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <0:4.18.0-240.22.1.rt7.77.el8_3 | 0:4.18.0-240.22.1.rt7.77.el8_3 |
redhat/kernel | <0:4.18.0-240.22.1.el8_3 | 0:4.18.0-240.22.1.el8_3 |
Linux Linux kernel | >=5.5<5.10.13 | |
Netapp Aff Baseboard Management Controller | ||
Netapp Cloud Backup | ||
Netapp Fas Baseboard Management Controller | ||
Netapp Solidfire \& Hci Management Node | ||
Netapp Solidfire Baseboard Management Controller | ||
Netapp Baseboard Management Controller 500f Firmware | <15.3 | |
Netapp Baseboard Management Controller 500f | ||
Netapp Baseboard Management Controller A250 Firmware | <15.3 | |
Netapp Baseboard Management Controller A250 | ||
Netapp Hci H410c Firmware | ||
Netapp Hci H410c | ||
Netapp 500f | ||
Netapp A250 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2021-26708 is high with a severity value of 7.
CVE-2021-26708 is a local privilege escalation vulnerability that affects the Linux kernel before version 5.10.13.
CVE-2021-26708 can be exploited by an attacker with local access to escalate their privileges on a vulnerable system.
Apply the latest security patches or upgrade to a version of the Linux kernel that is not affected by CVE-2021-26708.
Additional information about CVE-2021-26708 can be found in the references provided: [Reference 1](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446), [Reference 2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1925595), [Reference 3](https://www.openwall.com/lists/oss-security/2021/02/04/5).