oss-sec mailing list archives
Re: Linux kernel: Exploitable vulnerabilities in AF_VSOCK implementation
From: Alexander Popov <alex.popov () linux com>
Date: Fri, 9 Apr 2021 13:06:09 +0300
Hello! I published a detailed article about exploiting CVE-2021-26708 in the AF_VSOCK implementation:

https://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html

In this article I describe how to gain local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP.

The race condition may cause a write-after-free of a 4-byte controlled value to a 64-byte kernel object at offset 40. That's quite limited memory corruption. I had a hard time turning it into arbitrary read/write of kernel memory.

In this article I also describe possible exploit mitigations that could prevent exploitation of CVE-2021-26708 or at least make it harder.

Best regards,
Alexander