[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Linux Kernel use-after-free write in netfilter
From: Solar Designer <solar () openwall ! com>
Date: 2022-08-25 13:20:21
Message-ID: 20220825132021.GA27469 () openwall ! com
[Download RAW message or body]
On Tue, May 31, 2022 at 10:00:32AM +0100, EDG EDG wrote:
> A use-after-free write vulnerability was identified within the
> netfilter subsystem
> which can be exploited to achieve privilege escalation to root.
>
> In order to trigger the issue it requires the ability to create user/net
> namespaces.
>
> This issue has been fixed within the following commit:
>
> https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/net/netfilter?id=520778042ccca019f3ffa136dd0ca565c486cedd
>
> The issue was previously confirmed on the latest linux master (commit
> 143a6252e1b8ab424b4b293512a97cca7295c182) and we have confirmed it can be
> exploited for privilege escalation on Ubuntu 22.04 (Linux kernel
> 5.15.0-27-generic).
[...]
> # POC Code
[...]
> printf("should have triggered KASAN\n");
While the message above included PoC code, there's now also a blog post
and GitHub repo with a full exploit:
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
https://github.com/theori-io/CVE-2022-32250-exploit
"In this post, we have shown the process of exploiting CVE-2022-32250.
We were able to leak KASLR and overwrite modprobe_path by utilizing the
mqueue functions, and as a result, we successfully gained root
privileges in Ubuntu 22.04."
Alexander
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic