Bug 768894 (CVE-2021-26708)

Summary:	kernel: Privilege escalation via AF_VSOCK implementation (CVE-2021-26708)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Kernel	Assignee:	Gentoo Kernel Security <security-kernel>
Status:	RESOLVED FIXED
Severity:	critical	CC:	hydrapolic
Priority:	High	Keywords:	CC-ARCHES, STABLEREQ
Version:	unspecified	Flags:	nattka: sanity-check+
Hardware:	All
OS:	Linux
Whiteboard:	A1 [stable]
Package list:	sys-kernel/gentoo-sources-5.4.97 sys-kernel/gentoo-sources-4.19.175 sys-kernel/gentoo-sources-4.14.221 sys-kernel/gentoo-sources-4.9.257 sys-kernel/gentoo-sources-4.4.257	Runtime testing required:	---
Bug Depends on:
Bug Blocks:	767892

Description Sam James archtester

2021-02-05 17:35:09 UTC

"A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support."

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-06 14:18:22 UTC

Affects >=linux-5.5 (every kernel which has c0cfa2d8a788fcf45df5bf4070ab2474c88d543a).

Combining with stabilization from bug 767892.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-06 14:23:09 UTC

CVE-2021-3347 still needs another round for 4.4 and 4.9 :/

Comment 3 NATTkA bot gentoo-dev

2021-02-06 14:24:50 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: sys-kernel/gentoo-sources-4.9.257

Comment 4 NATTkA bot gentoo-dev

2021-02-10 13:40:53 UTC Comment hidden (obsolete)

Unable to check for sanity:

> no match for package: sys-kernel/gentoo-sources-5.10.15

Comment 5 NATTkA bot gentoo-dev

2021-02-10 14:05:50 UTC Comment hidden (obsolete)

All sanity-check issues have been resolved

Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-11 19:50:21 UTC

Skipping linux-5.10.x for now due to i915 regression.

Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-11 23:25:36 UTC

x86 stable

Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev

2021-02-11 23:26:07 UTC

amd64 stable

Comment 9 Agostino Sarubbo gentoo-dev

2021-03-26 14:49:07 UTC

ppc stable

Comment 10 Sam James archtester

2021-03-26 15:24:42 UTC

arm, arm64 done

Comment 11 Agostino Sarubbo gentoo-dev

2021-03-27 18:25:32 UTC

ppc64 stable

Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev

2021-03-28 01:16:08 UTC

spark marked stable under kernel project policy.

All done.