CVE-2021-26708 – Linux Kernel Organization / Linux kernel – Improper privilege management
CVE-2021-26708 is an improper privilege management vulnerability impacting Linux kernel versions 5.10.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.
Summary:
CVE-2021-26708 is an improper privilege management vulnerability impacting Linux kernel versions 5.10.12 and earlier. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, a walk-through demo of an exploit was shared via YouTube.
PoC Links(if available):
GitHub commit exploit –
https://github.com/jordan9001/vsock_poc
Known Counter Measures:
The vulnerability was addressed in Linux kernel version 5.10.13.
Links to patches(if available)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446