CVE-2021-41073

HIGH

Linux kernel <5.14.6 - Privilege Escalation

Title source: llm

Description

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

Exploits (2)

github 34 stars

by DarkFunct · cpoc

https://github.com/DarkFunct/CVE_Exploits/tree/main/CVE-2021-41073

View on github

inthewild WORKING POC

poc

https://github.com/chompie1337/linux_lpe_io_uring_cve-2021-41073

View Code ZIP pw:eip

References (7)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2021/09/18/2

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2022/06/04/4

[Patch, Vendor Advisory] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16c8d2df7ec0eed31b7d3b61cb13206a7fb930cc

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20211014-0003/

[Third Party Advisory] https://www.debian.org/security/2021/dsa-4978

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J7KSMIOQ4377CVTHMWNGNCWHMCRFRP2T/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PAP4TXEZ7J4EZQMQW5SIJMWXG7WZT3F7/

Scores

CVSS v3 7.8

EPSS 0.0162

EPSS Percentile 81.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-763

Status published

Products (14)

debian/debian_linux 10.0

fedoraproject/fedora 33

fedoraproject/fedora 34

linux/linux_kernel 5.10 - 5.10.68

netapp/cloud_backup

netapp/h300e_firmware

netapp/h300s_firmware

netapp/h410c_firmware

netapp/h410s_firmware

netapp/h500e_firmware

... and 4 more

Published Sep 19, 2021

Tracked Since Feb 18, 2026