CVE-2021-43411

7.5 HIGH

📋 TL;DR

This CVE describes a privilege escalation vulnerability in GNU Hurd. During execution of a setuid binary there is a timing window in which the process already holds elevated privileges but is still reachable through its old process port, which allows an attacker to gain full root access. Only systems running vulnerable versions of GNU Hurd are affected.

💻 Affected Systems

Products:
  • GNU Hurd
Versions: All versions before 0.9 20210404-9
Operating Systems: GNU Hurd
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects GNU Hurd systems with setuid binaries present. Most Linux distributions are not affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full root privilege escalation allowing complete system compromise, data theft, persistence establishment, and lateral movement.

🟠 Likely Case

Local privilege escalation from any user account to root, enabling unauthorized administrative access.

🟢 If Mitigated

Minimal impact if proper access controls and monitoring are in place, though privilege escalation would still be possible.

🌐 Internet-Facing: LOW - GNU Hurd is rarely deployed in internet-facing production environments.
🏢 Internal Only: MEDIUM - Internal systems running GNU Hurd could be compromised by authenticated users.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and the ability to execute code. Exploitation depends on winning a timing race.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9 20210404-9 and later

Vendor Advisory: https://lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html

Restart Required: Yes

Instructions:

1. Update GNU Hurd to version 0.9 20210404-9 or later.
2. Apply the patch that uses UIDs for evaluating permissions.
3. Reboot the system to ensure all processes use the patched kernel.

🔧 Temporary Workarounds

Disable setuid binaries (applies to: all)

Remove setuid permissions from binaries to close the privilege escalation vector. Note that this also disables legitimate setuid programs such as passwd and su, so record the list of affected files first so the bits can be restored after patching:

find / -type f -perm -4000 -exec chmod u-s {} \;

Restrict user access (applies to: all)

Limit user accounts and implement strict access controls.

🧯 If You Can't Patch

  • Restrict user accounts to trusted individuals only
  • Implement strict monitoring of privilege escalation attempts and process creation

🔍 How to Verify

Check if Vulnerable:

Run uname -a; a GNU Hurd version earlier than 0.9 20210404-9 is vulnerable.

Check Version:

uname -a

Verify Fix Applied:

Run uname -a and confirm the version is 0.9 20210404-9 or later.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process privilege escalation
  • Multiple failed setuid executions
  • Unexpected root process creation

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

process where parent_process_name contains 'setuid' and user != 'root' and new_user = 'root'
