Attackers can get root by crashing Ubuntu’s AccountsService


A local privilege escalation security vulnerability (CVE-2021-3939) could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.

AccountsService is a D-Bus service that helps manipulate and query information attached to the user accounts available on a device.

The security flaw (a memory management bug tracked as CVE-2021-3939) was accidentally spotted by GitHub security researcher Kevin Backhouse while testing an exploit demo for another AccountsService bug that also made it possible to escalate privileges to root on vulnerable devices.
