Alexander Popov, a young, up-and-coming Linux security developer at Russia’s Positive Technologies, discovered and fixed a set of five security holes in the Linux kernel’s virtual socket implementation. An attacker could use these vulnerabilities (CVE-2021-26708) to gain root access and knock out servers in a Denial of Service (DoS) attack.
The flaws carry a Common Vulnerability Scoring System (CVSS) v3 base score of 7.0, high severity, so smart Linux administrators will patch their systems as soon as possible.
While Popov discovered the flaws in the Red Hat community Linux distribution Fedora 33 Server, they exist in systems using the Linux kernel from November 201
These holes came into Linux when virtual socket multi-transport support was added. This network transport enables communication between virtual machines (VMs) and their hosts. It is often used by guest agents and hypervisor services that need a communication channel that is independent of the virtual machine network configuration. As such, people running virtual machines on the cloud, which is pretty much everyone these days, are particularly vulnerable.
The core issue is race conditions in the CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS kernel drivers. These are shipped as kernel modules in all major Linux distributions. The reason this is such a serious problem is that when a regular user creates an AF_VSOCK socket, the vulnerable modules are automatically loaded. A race condition exists when the substantive behavior of a system depends on the sequence or timing of uncontrollable events.
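Because the modules load on demand, an administrator can audit whether they are already loaded or blocked from loading. The script below is an added example, not code from the article or from Popov: the module names are assumed to be the ones these config options build, the `install ... /bin/false` rule is an assumed local convention for blocking a module, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the article): report whether the vsock kernel
# modules are loaded, blocked from loading, or still loadable on demand.

# Assumed module names for CONFIG_VSOCKETS / CONFIG_VIRTIO_VSOCKETS builds;
# confirm with `modinfo` on your distribution.
VSOCK_MODULES="vsock vmw_vsock_virtio_transport vmw_vsock_virtio_transport_common"

# install_blocked MODULE DIR: true if DIR (modprobe.d layout) has an
# "install MODULE /bin/false|/bin/true" rule. "blacklist" is not counted: it
# only makes modprobe ignore a module's aliases, so the module can still be
# loaded by name or as a dependency.
install_blocked() {
    cat "$2"/*.conf 2>/dev/null | awk -v m="$1" '
        /^[ \t]*#/ { next }
        { name = $2; gsub(/-/, "_", name) }   # modprobe treats - and _ alike
        $1 == "install" && name == m && $3 ~ /^\/bin\/(false|true)$/ { hit = 1 }
        END { exit hit ? 0 : 1 }'
}

# audit_vsock MODULES_FILE MODPROBE_DIR: print "<module> <state>" per module.
audit_vsock() {
    for m in $VSOCK_MODULES; do
        if awk -v m="$m" '$1 == m { f = 1 } END { exit f ? 0 : 1 }' "$1"; then
            echo "$m loaded"
        elif install_blocked "$m" "$2"; then
            echo "$m blocked"
        else
            echo "$m loadable"
        fi
    done
}

# Constructed sample data so the script runs offline; on a real host call:
#   audit_vsock /proc/modules /etc/modprobe.d
demo_dir=$(mktemp -d)
mkdir "$demo_dir/modprobe.d"
printf '%s\n' 'vsock 45056 1 vmw_vsock_virtio_transport_common, Live 0x0' \
              'vmw_vsock_virtio_transport_common 40960 0 - Live 0x0' \
              > "$demo_dir/modules"
printf '%s\n' '# constructed rule' 'install vmw-vsock-virtio-transport /bin/false' \
              > "$demo_dir/modprobe.d/vsock.conf"
audit_vsock "$demo_dir/modules" "$demo_dir/modprobe.d"
```

A "loadable" result means nothing in the checked directory stops the module from being loaded when requested; it does not say whether the running kernel carries the fix.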
Popov said: “I have successfully developed a prototype exploit for escalating local privileges on Fedora 33 Server, in addition to x86_64 platform protection such as SMEP and SMAP. This study will lead to new ideas on how to improve Linux kernel security.”
Meanwhile, Popov also prepared the patch and disclosed the vulnerabilities to the Linux kernel security team. Greg Kroah-Hartman, the maintainer of the stable Linux kernel, accepted the patches into Linux 5.10.13 on February 3rd. Since then, the patch has been merged into mainline kernel version 5.11-rc7 and backported to the affected stable trees.
The patch has also already been incorporated into such popular Linux distributions as Red Hat Enterprise Linux (RHEL) 8, Debian, Ubuntu and SUSE.
This is far from the first time Popov has discovered and fixed Linux vulnerabilities. He has previously found and repaired CVE-2019-18683 and CVE-2017-2636. Keep up the good work, Popov!