Gaining root access in Linux using the CVE-2021-26708 vulnerability

Abstract

In this work a Linux kernel vulnerability known as CVE-2021-26708 will be analyzed and dissected. This vulnerability allows gaining root access from an unauthorized and unprivileged user account using an error found in the Virtual Sockets subsystem. There are two main objectives in this work: the first one involves the analysis of the mentioned vulnerability and the Linux kernel subsystems affected by it and, also, the study of the patch developed to avoid its exploitation. The second objective is to develop a proof of concept exploit using the description of the vulnerability which will give root access to any user logged in the system.