Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation

[Alexander Popov <alex.popov () linux com>]

Hello!

I published a detailed article about exploiting CVE-2021-26708 in AF_VSOCK
implementation: https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html

In this article I describe how to gain local privilege escalation on Fedora 33
Server for x86_64, bypassing SMEP and SMAP.

The race condition may cause write-after-free of a 4-byte controlled value to a
64-byte kernel object at offset 40. That's quite limited memory corruption. I
had a hard time turning it into arbitrary read/write of kernel memory.

In this article I also describe possible exploit mitigations that could prevent
exploitation of CVE-2021-26708 or at least make it harder.

Best regards,
Alexander