Linux Kernel Privilege Escalation Vulnerability Allows Root Access

CVE: CVE-2023-1295
CVSS v3.1: 7.8
Source: CVE-2023-1295

The Linux kernel, which powers many operating systems, servers and devices, contains a vulnerability that can allow attackers to gain root access on affected systems.

The issue exists in the io_uring subsystem’s file closing operation and is caused by a mismatch between when the kernel checks permissions and when the action is actually performed, known as a time-of-check to time-of-use (TOCTOU) bug.

An unprivileged local user could exploit this to escalate privileges to the root user by manipulating file descriptors between the check and use. This works because permissions are checked when requesting the close, but the actual close happens later.
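The gap between check and use described above can be seen in a simplified userspace model. This is an added illustration, not kernel code and not the upstream fix; the slot table, owner field, generation counter and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Toy userspace model, constructed for illustration (not kernel code): reusable
 * descriptor slots, and a close request checked at submit time, run later. */
#define NSLOTS 4
struct slot { int in_use; int owner_uid; unsigned gen; };
struct close_req { int fd; unsigned gen; };
static struct slot table[NSLOTS];

static int slot_open(int uid) {
    for (int fd = 0; fd < NSLOTS; fd++)
        if (!table[fd].in_use) {
            table[fd] = (struct slot){ 1, uid, table[fd].gen + 1 };
            return fd;
        }
    return -1;
}

/* Time of check: caller must own the slot; remember which object was seen. */
static int submit_close(int uid, int fd, struct close_req *req) {
    if (fd < 0 || fd >= NSLOTS || !table[fd].in_use || table[fd].owner_uid != uid)
        return -1;
    *req = (struct close_req){ fd, table[fd].gen };
    return 0;
}

/* Time of use: unsafe mode acts on the bare number; checked mode re-validates. */
static int exec_close(const struct close_req *req, int checked) {
    struct slot *s = &table[req->fd];
    if (checked && (!s->in_use || s->gen != req->gen)) return -1;
    s->in_use = 0;
    return 0;
}

/* Returns 1 if the other owner's slot survives the stale request, else 0. */
static int other_slot_survives(int checked) {
    struct close_req req;
    memset(table, 0, sizeof table);
    int fd = slot_open(1000);        /* caller's own object passes the check */
    submit_close(1000, fd, &req);
    table[fd].in_use = 0;            /* slot is freed after the check ... */
    int other = slot_open(0);        /* ... and reused by a different owner */
    exec_close(&req, checked);       /* deferred request finally runs */
    return other == fd && table[other].in_use;
}

int main(void) {
    printf("unsafe: %d, checked: %d\n", other_slot_survives(0), other_slot_survives(1));
    return 0;
}
```

In unsafe mode the deferred request closes an object the caller was never checked against; binding the request to the object seen at check time makes the stale request fail instead.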

Linux kernels 5.6 through 5.11 are affected. The bug was introduced in commit b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb and was fixed in commit 9eac1904d3364254d622bf2c771c4f85cd435fc2, which was backported to stable kernels in 788d0824269bef539fe31a785b1517882eafed93.

Users should update their Linux kernel to the latest version to apply the patch. System administrators should also carefully manage access and monitor their systems for unauthorized access attempts. Applying the principle of least privilege is recommended to limit the potential impact of any exploit.
