CVE-2021-26708 – Linux Kernel Organization / Linux kernel – Improper privilege management

CVE-2021-26708 is an improper privilege management vulnerability impacting Linux kernel versions 5.10.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.

PoC Links (if available):

GitHub commit exploit –
https://github.com/jordan9001/vsock_poc

Known Countermeasures:

The vulnerability was addressed in Linux kernel version 5.10.13.

Links to patches (if available):

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446