oss-sec mailing list archives
Re: New Linux LPE via GSMIOC_SETCONF_DLCI?
From: "Dr. Christopher Kunz" <info () christopher-kunz de>
Date: Wed, 17 Apr 2024 10:47:46 +0200
Am 16.04.24 um 22:16 schrieb Solar Designer:
FWIW, YuriiCrimson's bug for 5.15 - 6.1 seems to be patched on current Debian:I'm puzzled by the lack of follow-ups on this, but anyway @FFFVR_ tweeted they also found (more) vulnerabilities in the n_gsm driver:
debianexploitgsm:/tmp/ExploitGSM/ExploitGSM_5_15_to_6_1$ ./ExploitGSM debian kallsyms restricted, begin retvial kallsyms table detected kernel path-> /boot/vmlinuz-6.1.0-20-amd64 detected compressed format -> xz Uncompressed kernel size -> 65900116 successfully taken kernel! begin try leak startup_xen! startup_xen leaked address -> ffffffff8546f1c0 text leaked address -> ffffffff83400000 lockdep_map_size -> 32 spinlock_t_size -> 4 mutex_size -> 32 gsm_mux_event_offset -> 56 Error set line discipline N_GSM, Operation not permitted --cku
Current thread:
- New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz (Apr 10)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 10)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 16)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Greg KH (Apr 16)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz (Apr 17)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 16)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Donald Buczek (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Dr. Christopher Kunz (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Kyle Zeng (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 11)
- Re: New Linux LPE via GSMIOC_SETCONF_DLCI? Solar Designer (Apr 10)