Linux Kernel Found With High Severity Privilege Escalation Bugs

essidsolutions

London-based Positive Technologies discovered five root-level vulnerabilities introduced through the virtual socket (VSOCK) implementation in the Linux kernel which, if exploited, could lead to data theft, execution of administrator-level commands and malware deployment. All five issues have now been fixed.

Positive Technologies security researcher Alexander Popov discovered a series of five serious vulnerabilities in the Linux kernel. Now fixed, these vulnerabilities – tracked together as CVE-2021-26708 – could have been exploited for local privilege escalation.

Popov, who also works as a Linux kernel developer, told Toolbox, “Privilege escalation happens when a malicious user exploits a vulnerability in an application or operating system to gain elevated access to resources that should normally be unavailable to that user. The attacker can then use the newly gained privileges to steal confidential data, run administrative commands or deploy malware.”

CVE-2021-26708 was introduced in Linux kernel version 5.5 through a November 2019 update that added virtual socket multi-transport support (VSOCK). Along with the desired multi-transport support, the update added unwanted race conditions, which exist in two kernel drivers, those enabled by CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS.

VSOCK facilitates communication between virtual machines and the host they run on. A race condition (also called a race hazard) occurs in electronics, software or other systems when the behaviour of the system depends on the sequence or timing of events it does not control.

A race condition is categorised as a bug when one or more of the possible outcomes, such as granting an unprivileged user elevated privileges, is undesirable.

Linux is widely considered one of the more secure and reliable operating systems today, so these vulnerabilities are a cause for concern. CVE-2021-26708 is rated 7.0 on the CVSS v3.0 scale, placing it in the ‘High’ severity category. Although the 7.0 score captures the severity of the vulnerability, its reach may be wider than the score alone suggests.

This is because all major GNU/Linux distributions ship the vulnerable kernel drivers (CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS) as kernel modules. Popov also wrote the patch for the bugs, which has been merged into Linux 5.10.13. He said, “I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP.”

The fix has also been merged into mainline kernel version 5.11-rc7 and is available for multiple Linux distributions besides Fedora. “Linux distributions have added the fixing patch I developed into their security updates for the kernel versions affected by CVE-2021-26708,” Popov adds.

I’m glad to announce: in April I will give a talk at #Zer0Con about exploiting CVE-2021-26708 that I’ve fixed in the Linux kernel.

Thanks to @vangelis_at_POC and @POC_Crew for the invitation!

— Alexander Popov (@a13xp0p0v) March 1, 2021


Linux Security

Users should install these recent security updates on their Linux systems. This research on exploiting CVE-2021-26708 will be valuable for the Linux kernel community, as it can lead to new ideas on how to improve Linux kernel security.
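As a concrete way to act on that advice, the following script is an added example (not code from the article, from Positive Technologies or from any distribution) that checks whether the running kernel falls inside the version range the article gives for CVE-2021-26708, introduced in 5.5 and fixed in stable 5.10.13, and whether the VSOCK modules are currently loaded. The module names vsock and vmw_vsock_virtio_transport are an assumption; the article names only the Kconfig options CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS. Distribution kernels that backport the fix without bumping the upstream version will be reported as affected, so treat the output as a prompt to verify against the vendor advisory rather than as a verdict.

```shell
#!/bin/sh
# Added example, not code from the article or from Positive Technologies.
# Checks whether the running kernel is inside the range the article gives
# for CVE-2021-26708 (introduced in 5.5, fixed in stable 5.10.13) and
# whether the VSOCK modules are loaded. Module names are an assumption:
# the article names only CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS.

INTRODUCED="5.5.0"
FIXED="5.10.13"

# normalize_version "5.10.12-200.fc33.x86_64" -> "5.10.12"
# Keeps only the leading dotted numeric part of a uname -r string.
normalize_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# version_lt A B: true (0) when dotted version A sorts before B.
# ".0.0" is appended so missing components compare as 0 ("5.11" == 5.11.0).
version_lt() {
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s.0.0\n' "$1" | cut -d. -f"$i")
        y=$(printf '%s.0.0\n' "$2" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# kernel_affected VERSION: true (0) when INTRODUCED <= VERSION < FIXED.
# Simplification: "-rcN" suffixes are stripped, so every 5.11 release
# candidate is treated as fixed, although the article places the mainline
# fix in 5.11-rc7.
kernel_affected() {
    v=$(normalize_version "$1")
    version_lt "$v" "$INTRODUCED" && return 1
    version_lt "$v" "$FIXED" && return 0
    return 1
}

# vsock_modules_loaded: true (0) when a VSOCK module is listed in
# /proc/modules (assumed module names, see above).
vsock_modules_loaded() {
    [ -r /proc/modules ] || return 1
    grep -Eq '^(vsock|vmw_vsock_virtio_transport) ' /proc/modules
}

main() {
    running=$(uname -r)
    if kernel_affected "$running"; then
        echo "kernel $running is in the affected range (< $FIXED): install the fixed kernel"
        if vsock_modules_loaded; then
            echo "VSOCK modules are loaded: exposure is live until reboot into a fixed kernel"
        else
            echo "VSOCK modules not loaded now, but they may be autoloaded on demand"
        fi
    else
        echo "kernel $running is outside the affected range"
    fi
}

main
```

Run it as an unprivileged user; it reads only uname and /proc/modules. The version comparison is deliberately limited to the three numeric components so it works with busybox and POSIX sh, which is usually what is available on minimal VM images where VSOCK is in use.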

To keep the Linux family of open-source operating systems ahead of glaring security gaps, Google announced in late February that it would fund the Linux Foundation to support work on Linux kernel security development. As a result, two full-time engineers, Gustavo Silva and Nathan Chancellor, were appointed to maintain and improve kernel security.

In the past, security developers have criticised Linus Torvalds, the creator and principal developer of Linux, for inherent security weaknesses in the Linux kernel. Back in 2017, he said, “Some security people have scoffed at me when I say that security problems are primarily ‘just bugs’. Those security people are f*cking morons.”

Torvalds’ comment was part of his response to Google Pixel security team member Kees Cook, who had submitted a pull request for hardened usercopy changes for v4.15-rc1. According to Torvalds, the changes would essentially kill processes in the kernel rather than debug them. “IT IS NOT ACCEPTABLE when security people set magical new rules, and then make the kernel panic when those new rules are violated,” he added.
