2021-03

Alexander Popov of Russia's Positive Technologies, a young and up-and-coming Linux security developer, discovered and fixed a set of five security holes in the virtual socket implementation of the Linux kernel. An attacker could use these vulnerabilities (CVE-2021-26708) to gain root access or to knock a server out in a denial-of-service (DoS) attack.

Because the Common Vulnerability Scoring System (CVSS) v3 base score is 7.0, which rates as high severity, sensible Linux administrators should patch their systems as soon as possible.

Popov found the bug on Fedora 33 Server, Red Hat's community Linux distribution. It is present on systems running Linux kernels from version 5.5 (November 2019) up to the then-current mainline kernel version 5.11-rc6.

These holes entered Linux when virtual socket multi-transport support was added. This network transport provides communication between virtual machines (VMs) and their hosts. It is commonly used by guest agents and hypervisor services that need a communication channel independent of the VM's network configuration. As a result, most people running VMs in the cloud today are particularly exposed.

The core problem is a race condition in the CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS kernel drivers. These ship as kernel modules in all major Linux distributions. What makes the problem so serious is that the vulnerable module is loaded automatically whenever an ordinary, unprivileged user creates an AF_VSOCK socket. A race condition exists when a system's actual behavior depends on the sequence or timing of events that it does not control.

“We have succeeded in developing a prototype exploit for local privilege on Fedora 33 servers, bypassing x86_64 platform protections such as SMEP and SMAP. This study is about how to improve the security of the Linux kernel. It leads to new ideas.”

Popov also prepared a patch and disclosed the vulnerability to the Linux kernel security team. Greg Kroah-Hartman, maintainer of the stable Linux kernel, accepted the patch into Linux 5.10.13 on February 3rd. Since then, the patch has been merged into mainline kernel version 5.11-rc7 and backported to the affected stable trees.

This patch is already included in popular Linux distributions such as Red Hat Enterprise Linux (RHEL) 8, Debian, Ubuntu and SUSE.
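To turn the version range and module behaviour described above into a quick local check, here is an added POSIX shell example; it is not code from the article or from Positive Technologies. It encodes the affected range exactly as the article states it (introduced in 5.5, fixed in stable 5.10.13 and mainline 5.11-rc7) and reports whether the vsock module is loaded or merely installed; the module directory under /lib/modules and the modprobe.d mitigation mentioned in a comment are my assumptions, not something the article gives.

```shell
#!/bin/sh
# Added example: classify a kernel version string against the CVE-2021-26708
# range given in the article, then report the state of the vsock module.

# Return 0 if "$1" (e.g. "5.10.12-200.fc33.x86_64" or "5.11-rc6") lies in the
# vulnerable range, 1 otherwise. Distribution kernels carry backports, so a
# "vulnerable" verdict means "check your vendor advisory", not a confirmed hole.
cve_2021_26708_range() {
    ver=${1%%-*}                               # strip "-200.fc33..." / "-rc6"
    rc=0
    case "$1" in *-rc[0-9]*) rc=${1#*-rc}; rc=${rc%%[!0-9]*} ;; esac
    oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -eq 5 ] || return 1             # bug only exists in the 5.x series
    if [ "$rc" -gt 0 ]; then
        # mainline release candidates: 5.11-rc1..rc6 affected, 5.11-rc7 carries the fix
        [ "$minor" -eq 11 ] && [ "$rc" -lt 7 ] && return 0
        [ "$minor" -ge 5 ] && [ "$minor" -lt 11 ] && return 0
        return 1
    fi
    [ "$minor" -ge 5 ] || return 1             # introduced in 5.5
    [ "$minor" -lt 10 ] && return 0            # 5.5 .. 5.9.x (EOL branches)
    [ "$minor" -eq 10 ] && [ "$patch" -lt 13 ] && return 0   # fixed in 5.10.13
    return 1
}

# Print a verdict for the running (or given) kernel plus the vsock module state.
# Assumption: modules live under /lib/modules/<release>/kernel/net/vmw_vsock/.
# Beyond patching, an extra safeguard not taken from the article is a modprobe.d
# line such as "install vsock /bin/true", which stops the automatic module load.
vsock_report() {
    k=${1:-$(uname -r)}
    if cve_2021_26708_range "$k"; then
        verdict="in vulnerable range (verify vendor backports)"
    else
        verdict="outside vulnerable range"
    fi
    moddir="/lib/modules/$k/kernel/net/vmw_vsock"
    if grep -q '^vsock ' /proc/modules 2>/dev/null; then
        state="loaded"
    elif [ -d "$moddir" ]; then
        state="installed, auto-loads on first AF_VSOCK socket"
    else
        state="not found as a loadable module"
    fi
    printf 'kernel %s: %s; vsock module: %s\n' "$k" "$verdict" "$state"
}

vsock_report "$@"
```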

This is not the first time Popov has found and fixed a vulnerability in the Linux kernel. Earlier, he discovered and repaired CVE-2019-18683 and CVE-2017-2636. Keep up the good work, Popov!

