Attackers can get root by crashing Ubuntu’s AccountsService
A local privilege escalation vulnerability (CVE-2021-3939) could allow attackers to gain root access on Ubuntu systems by exploiting a double-free memory corruption bug in GNOME's AccountsService component.
AccountsService is a D-Bus service that helps manipulate and query information attached to the user accounts available on a device.
The flaw, a memory management bug, was spotted by accident by GitHub security researcher Kevin Backhouse while he was testing an exploit demo for another AccountsService bug, one that also made it possible to escalate privileges to root on vulnerable devices.