CVE-2021-26708 – Linux Kernel Organization / Linux kernel – Improper privilege management

August 24, 2021

CVE-2021-26708 is an improper privilege management vulnerability impacting Linux kernel versions 5.10.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

Summary:

CVE-2021-26708 is an improper privilege management vulnerability impacting Linux kernel versions 5.10.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

PoC Links(if available):

GitHub commit exploit –
https://github.com/jordan9001/vsock_poc

Known Counter Measures:

The vulnerability was addressed in Linux kernel version 5.10.13.

Links to patches(if available)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446

You may have missed

image

[KILLSEC] – Ransomware Victim: ABC Group

November 22, 2024
image

[QILIN] – Ransomware Victim: Hronopoulos

November 22, 2024
image

[PLAY] – Ransomware Victim: LenelS2

November 22, 2024
image

[INCRANSOM] – Ransomware Victim: Goldsmith & Hull

November 22, 2024
image

[RANSOMHUB] – Ransomware Victim: curenta[.]com

November 22, 2024