CVE-2021-41073

HIGH

Linux kernel <5.14.6 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-41073.

AI-analyzed exploit summary This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-41073, targeting a type confusion vulnerability in the Linux kernel's io_uring subsystem. The exploit leverages BPF and FUSE to achieve root access on vulnerable kernels (e.g., 5.15-rc1).

Description

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

Exploits (1)

inthewild WORKING POC

poc

https://github.com/chompie1337/linux_lpe_io_uring_cve-2021-41073

View Code ZIP pw:eip

This repository contains a functional local privilege escalation (LPE) exploit for CVE-2021-41073, targeting a type confusion vulnerability in the Linux kernel's io_uring subsystem. The exploit leverages BPF and FUSE to achieve root access on vulnerable kernels (e.g., 5.15-rc1).

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Linux Kernel 5.15-rc1

Auth required

Prerequisites: Linux kernel with io_uring enabled · liburing library · FUSE support · BPF functionality

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (7)

Core 7

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/09/18/2

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4978

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20211014-0003/

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2022/06/04/4

Scores

CVSS v3 7.8

EPSS 0.0168

EPSS Percentile 82.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-763

Status published

Products (14)

debian/debian_linux 10.0

fedoraproject/fedora 33

fedoraproject/fedora 34

linux/linux_kernel 5.10 - 5.10.68

netapp/cloud_backup

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

... and 4 more

Published Sep 19, 2021

Tracked Since Feb 18, 2026