SSD Advisory – Linux Kernel AF_PACKET Use-After-Free Full report: http://ift.tt/2zv0WmQ Twitter: @SecuriTeam_SSD Weibo: SecuriTeam_SSD Vulnerabilities summary The following advisory describes a use-after-free vulnerability found in Linux Kernel’s implementation of AF_PACKET that can lead to privilege escalation. AF_PACKET sockets “allow users to send or receive packets on the device driver level. This for example lets them to implement their own protocol on top of the physical layer or to sniff packets including Ethernet and higher levels protocol headers” Credit The vulnerability was discovered by an independent security researcher which reported this vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program. Vendor response “It is quite likely that this is already fixed by: packet: hold bind lock when rebinding to fanout hook – http://ift.tt/2yv4Hun Also relevant, but not yet merged is packet: in packet_do_bind, test fanout with bind_lock held – http://ift.tt/2xLUmX5 We verified that this does not trigger on v4.14-rc2, but does trigger when reverting that first mentioned commit (008ba2a13f2d).”
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment