Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 768894 (CVE-2021-26708) - kernel: Privilege escalation via AF_VSOCK implementation (CVE-2021-26708)
Summary: kernel: Privilege escalation via AF_VSOCK implementation (CVE-2021-26708)
Status: RESOLVED FIXED
Alias: CVE-2021-26708
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: High critical (vote)
Assignee: Gentoo Kernel Security
URL:
Whiteboard: A1 [stable]
Keywords: CC-ARCHES, STABLEREQ
Depends on:
Blocks: CVE-2021-3347
  Show dependency tree
 
Reported: 2021-02-05 17:35 UTC by Sam James
Modified: 2021-03-28 01:16 UTC (History)
1 user (show)

See Also:
Package list:
sys-kernel/gentoo-sources-5.4.97 sys-kernel/gentoo-sources-4.19.175 sys-kernel/gentoo-sources-4.14.221 sys-kernel/gentoo-sources-4.9.257 sys-kernel/gentoo-sources-4.4.257
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2021-02-05 17:35:09 UTC
"A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support."
Comment 1 Thomas Deutschmann gentoo-dev Security 2021-02-06 14:18:22 UTC
Affects >=linux-5.5 (every kernel which has c0cfa2d8a788fcf45df5bf4070ab2474c88d543a).

Combining with stabilization from bug 767892.
Comment 2 Thomas Deutschmann gentoo-dev Security 2021-02-06 14:23:09 UTC
CVE-2021-3347 still needs another round for 4.4 and 4.9 :/
Comment 3 NATTkA bot gentoo-dev 2021-02-06 14:24:50 UTC Comment hidden (obsolete)
Comment 4 NATTkA bot gentoo-dev 2021-02-10 13:40:53 UTC Comment hidden (obsolete)
Comment 5 NATTkA bot gentoo-dev 2021-02-10 14:05:50 UTC Comment hidden (obsolete)
Comment 6 Thomas Deutschmann gentoo-dev Security 2021-02-11 19:50:21 UTC
Skipping linux-5.10.x for now due to i915 regression.
Comment 7 Thomas Deutschmann gentoo-dev Security 2021-02-11 23:25:36 UTC
x86 stable
Comment 8 Thomas Deutschmann gentoo-dev Security 2021-02-11 23:26:07 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2021-03-26 14:49:07 UTC
ppc stable
Comment 10 Sam James archtester gentoo-dev Security 2021-03-26 15:24:42 UTC
arm, arm64 done
Comment 11 Agostino Sarubbo gentoo-dev 2021-03-27 18:25:32 UTC
ppc64 stable
Comment 12 Thomas Deutschmann gentoo-dev Security 2021-03-28 01:16:08 UTC
spark marked stable under kernel project policy.

All done.