Unrated severity · NVD Advisory · Published Nov 7, 2021 · Updated Aug 4, 2024
CVE-2021-43411
Description
An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root access.
Affected products
- GNU/GNU Hurd (description)
References
- lists.gnu.org/archive/html/bug-hurd/2021-05/msg00079.html (mitre, x_refsource_MISC)
- salsa.debian.org/hurd-team/hurd/-/blob/4d1b079411e2f40576e7b58f9b5b78f733a2beda/debian/patches/0034-proc-Use-UIDs-for-evaluating-permissions.patch (mitre, x_refsource_MISC)
- www.mail-archive.com/bug-hurd%40gnu.org/msg32112.html (mitre, x_refsource_MISC)