CVE-2021-42008 – Linux Foundation / Linux kernel – Out-of-bounds write

December 10, 2021

CVE-2021-42008 is an out-of-bounds write vulnerability impacting Linux kernel versions 5.13.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

Summary:

CVE-2021-42008 is an out-of-bounds write vulnerability impacting Linux kernel versions 5.13.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

PoC Links(if available):

YouTube: Privilege escalation on latest Ubuntu kernel –
https://www.youtube.com/watch?v=d5f9xLK8Vhw&ab_channel=zhandai

Known Counter Measures:

The Linux Foundation addressed the vulnerability in Linux kernel versions 5.13.13.

Links to patches(if available)

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13.13

You may have missed

hackerone

HackerOne Bug Bounty Disclosure: dom-xss-in-tiktok-com-login-via-the-redirect-url-parameter-sh-yo

September 21, 2024
e0aaa60f37173cc4eab9a44b189a98d21c3300883a9142f388de5991f6b9f457

Damn-Vulnerable-Drone – An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

September 21, 2024
a24a2416da7556ce2f6e7a9148d54dfef84790b2716281b7d928f69329141667

File-Unpumper – Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add

September 21, 2024
CISA Logo

CISA: New CISA Plan Aligns Federal Agencies in Cyber Defense

September 21, 2024
CISA Logo

CISA: CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities

September 21, 2024