Linux security developer Alexander Popov from Russia’s Positive Technologies discovered and fixed five security holes in the Linux kernel’s virtual socket implementation. A threat actor could use these vulnerabilities – CVE-2021-26708 – to gain root access and overthrow servers in a Denial of Service (DoS) attack.
Alexander Popov said, “I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security.”
To Read More: ZDNet