Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Security researchers have uncovered a critical vulnerability in the Linux kernel’s io_uring subsystem, which could allow attackers to gain full root access to affected systems.
The flaw, tracked as CVE-2024-0582, was found to be particularly exploitable in Ubuntu distributions due to a delay in patching despite the vulnerability being addressed in the stable kernel release in December 2023.
📁🄳🄾🄲🅄🄼🄴🄽🅃
CVE-2024-0582 : The Use-After-Free Vulnerability
The vulnerability stems from a use-after-free (UAF) condition in the io_uring interface, a feature introduced in Linux kernel version 5.1 to improve the performance of applications with high I/O operations.
Despite its benefits, io_uring has been a hotbed for security vulnerabilities, leading to its restriction or outright disablement in environments like ChromeOS, Google’s production servers, and Android.
CVE-2024-0582 allows an attacker to gain read and write access to previously freed pages, offering a potent exploit primitive far beyond the typical UAF exploit.
This vulnerability was present in Linux kernel versions from 6.4 up to, but not including, 6.7, affecting major Ubuntu releases such as Ubuntu 23.10 and Ubuntu 22.04 LTS.
Exodus Intelligence has recently released a report on a flaw found in the Linux Kernel. The flaw allows an attacker to obtain elevated privileges on a system by exploiting a vulnerability in the Futex subsystem.
Patch Timeline
CVE-2024-0582’s exploitability lies in its ability to allow data-only exploits, bypassing common exploit mitigations like Control-Flow Integrity (CFI).
Attackers can manipulate data to escalate privileges without altering the code execution flow. This vulnerability was exploited using a data-only strategy, enabling a non-privileged user to achieve root privileges on affected systems.
According to a recent tweet by Cyber Advising, a memory leak vulnerability has been identified as CVE-2024-0582 in the Linux kernel’s io_uring functionality.
CVE-2024-0582: memory leak flaw was found in the Linux kernel’s io_uring functionality .. IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
PoChttps://t.co/g4tmiTYwZn
— Cyber Advising (@cyber_advising) March 31, 2024
The io_uring Interface
io_uring offers a high-performance, asynchronous I/O API, reducing the overhead caused by blocking system calls and data transfers between user and kernel space. However, its complexity has made it a target for vulnerability research.
The io_uring API consists of three system calls:
Exploitation Strategy
The exploitation strategy triggered the UAF condition by manipulating io_uring’s provided buffer rings, explicitly using the IOU_PBUF_RING_MMAP flag.
MMap the buffer ring
This allowed attackers to retain access to memory pages even after they were freed and reallocated by the kernel for other purposes, such as file structures (struct file).
Allocating file structures within a controlled page
This effectively allowed the addition of a backdoor account with root privileges.
The discovery and exploitation of CVE-2024-0582 highlight significant concerns regarding the security of theio_uringsubsystem and the timely patching vulnerabilities in widely used distributions like Ubuntu.
The two-month patch gap for Ubuntu kernels allowed attackers to exploit this vulnerability, underscoring the importance of rapid vulnerability response processes.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published
Author: DhivyaSecurity researchers have uncovered a critical vulnerability in the Linux kernel’s io_uring subsystem, which could allow attackers to gain full root access to affected systems.
The flaw, tracked as CVE-2024-0582, was found to be particularly exploitable in Ubuntu distributions due to a delay in patching despite the vulnerability being addressed in the stable kernel release in December 2023.
📁🄳🄾🄲🅄🄼🄴🄽🅃
CVE-2024-0582 : The Use-After-Free Vulnerability
The vulnerability stems from a use-after-free (UAF) condition in the io_uring interface, a feature introduced in Linux kernel version 5.1 to improve the performance of applications with high I/O operations.
Despite its benefits, io_uring has been a hotbed for security vulnerabilities, leading to its restriction or outright disablement in environments like ChromeOS, Google’s production servers, and Android.
CVE-2024-0582 allows an attacker to gain read and write access to previously freed pages, offering a potent exploit primitive far beyond the typical UAF exploit.
This vulnerability was present in Linux kernel versions from 6.4 up to, but not including, 6.7, affecting major Ubuntu releases such as Ubuntu 23.10 and Ubuntu 22.04 LTS.
Exodus Intelligence has recently released a report on a flaw found in the Linux Kernel. The flaw allows an attacker to obtain elevated privileges on a system by exploiting a vulnerability in the Futex subsystem.
Patch Timeline
- December 8, 2023 : The vulnerability was patched in the stable kernel release 6.6.5.
- January 8, 2024 : The Project Zero issue detailing CVE-2024-0582 was made public.
- February 22, 2024 : Ubuntu finally patched the issue in kernel version 6.5.0-21 for Ubuntu 22.04 LTS and Ubuntu 23.10.
CVE-2024-0582’s exploitability lies in its ability to allow data-only exploits, bypassing common exploit mitigations like Control-Flow Integrity (CFI).
Attackers can manipulate data to escalate privileges without altering the code execution flow. This vulnerability was exploited using a data-only strategy, enabling a non-privileged user to achieve root privileges on affected systems.
According to a recent tweet by Cyber Advising, a memory leak vulnerability has been identified as CVE-2024-0582 in the Linux kernel’s io_uring functionality.
CVE-2024-0582: memory leak flaw was found in the Linux kernel’s io_uring functionality .. IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
PoChttps://t.co/g4tmiTYwZn
— Cyber Advising (@cyber_advising) March 31, 2024
The io_uring Interface
io_uring offers a high-performance, asynchronous I/O API, reducing the overhead caused by blocking system calls and data transfers between user and kernel space. However, its complexity has made it a target for vulnerability research.
The io_uring API consists of three system calls:
- io_uring_setup()
- io_uring_register()
- io_uring_enter()
Exploitation Strategy
The exploitation strategy triggered the UAF condition by manipulating io_uring’s provided buffer rings, explicitly using the IOU_PBUF_RING_MMAP flag.
MMap the buffer ringThis allowed attackers to retain access to memory pages even after they were freed and reallocated by the kernel for other purposes, such as file structures (struct file).
Allocating file structures within a controlled pageThis effectively allowed the addition of a backdoor account with root privileges.
The discovery and exploitation of CVE-2024-0582 highlight significant concerns regarding the security of theio_uringsubsystem and the timely patching vulnerabilities in widely used distributions like Ubuntu.
The two-month patch gap for Ubuntu kernels allowed attackers to exploit this vulnerability, underscoring the importance of rapid vulnerability response processes.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
