Login Sign Up

CVE-2021-41073

7.8 HIGH

📋 TL;DR

This is a local privilege escalation vulnerability in the Linux kernel's io_uring subsystem. It allows local users to trigger a use-after-free condition by exploiting the IORING_OP_PROVIDE_BUFFERS operation, potentially gaining root privileges. Affects Linux kernel versions 5.10 through 5.14.6.

💻 Affected Systems

Products:
  • Linux kernel
Versions: 5.10 through 5.14.6
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Requires io_uring subsystem to be enabled (default in most configurations). Exploitation requires local access to the system.

📦 What is this software?

Cloud Backup by Netapp

View all CVEs affecting Cloud Backup →

Debian Linux by Debian

View all CVEs affecting Debian Linux →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

Fedora by Fedoraproject

View all CVEs affecting Fedora →

H300e Firmware by Netapp

View all CVEs affecting H300e Firmware →

H300s Firmware by Netapp

View all CVEs affecting H300s Firmware →

H410c Firmware by Netapp

View all CVEs affecting H410c Firmware →

H410c Firmware by Netapp

View all CVEs affecting H410c Firmware →

H410s Firmware by Netapp

View all CVEs affecting H410s Firmware →

H500e Firmware by Netapp

View all CVEs affecting H500e Firmware →

H500s Firmware by Netapp

View all CVEs affecting H500s Firmware →

H700e Firmware by Netapp

View all CVEs affecting H700e Firmware →

H700s Firmware by Netapp

View all CVEs affecting H700s Firmware →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Solidfire Baseboard Management Controller by Netapp

View all CVEs affecting Solidfire Baseboard Management Controller →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains full root privileges, compromising the entire system and potentially accessing sensitive data or installing persistent malware.

🟠

Likely Case

Local user escalates privileges to root, enabling unauthorized access to system resources and data.

🟢

If Mitigated

With proper access controls limiting local user accounts, impact is reduced but still significant for authorized users.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring existing local access, not remotely exploitable.
🏢 Internal Only: HIGH - Any local user account can potentially exploit this to gain root privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local user access and knowledge of the vulnerability. Public exploit code exists in security mailing lists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Linux kernel 5.14.7 and later, backported to stable kernels

Vendor Advisory: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc

Restart Required: Yes

Instructions:

1. Update Linux kernel to version 5.14.7 or later. 2. For distributions with backported patches, apply security updates from your vendor. 3. Reboot the system to load the new kernel.

🔧 Temporary Workarounds

Disable io_uring module

linux

Prevent loading of the vulnerable io_uring kernel module

echo 'blacklist io_uring' >> /etc/modprobe.d/blacklist.conf
rmmod io_uring

Restrict local user access

linux

Limit which users have shell access to vulnerable systems

🧯 If You Can't Patch

  • Implement strict access controls to limit local user accounts
  • Monitor for privilege escalation attempts and unusual root activity

🔍 How to Verify

Check if Vulnerable:

Check kernel version with 'uname -r' and compare to affected range 5.10-5.14.6

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is 5.14.7 or later, or check with distribution-specific security update verification

📡 Detection & Monitoring

Log Indicators:

  • Unusual privilege escalation events in audit logs
  • Failed attempts to load io_uring module
  • Suspicious process creation with elevated privileges

Network Indicators:

  • Not applicable - local exploit only

SIEM Query:

search 'privilege escalation' OR 'setuid' OR 'setgid' in process execution logs from non-root users

📊 Metadata

CVE ID: CVE-2021-41073
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-763
Published: September 19, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-41073, you might also want to check these:

CVE-2024-44852 9.8

CVE-2024-44852 is a critical memory corruption vulnerability in ROS2 navigation2's theta_star planne...

Same vulnerability type (CWE-763)
CVE-2021-24028 9.8

This vulnerability in Facebook Thrift's table-based serialization allows an invalid free operation t...

Same vulnerability type (CWE-763)
CVE-2021-3682 8.5

This vulnerability in QEMU's USB redirector device emulation allows a malicious SPICE client to trig...

Same vulnerability type (CWE-763)