Linux nftables vulnerability exploited in the wild (CrowdStrike)
Date:
Fri, 07 Jun 2024 17:27:03 +0000
Description:
According to CrowdStrike, a vulnerability in the Linux kernel's nftables code that was discovered earlier this year is being actively exploited in the wild. The vulnerability allows for local privilege escalation. Most distributions have already released a fix.
As noted by the exploit developer, leveraging this POC is dependent on the kernel's unprivileged user namespaces feature accessing nf_tables. This access is enabled by default on Debian, Ubuntu and kernel capture-the-flag (CTF) distributions. An attacker can then trigger the double-free vulnerability, scan the physical memory for the kernel base address, bypass kernel address-space layout randomization (KASLR) and access the modprobe_path kernel variable with read/write privileges. After overwriting the modprobe_path, the exploit drops a root shell.
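
A defender-side check for the precondition named above, as an added example that is not part of the CrowdStrike or LWN text: it reports whether unprivileged user namespaces are open and whether nf_tables is loaded. `PROC_ROOT` and the function names are assumptions of this example; the `kernel.unprivileged_userns_clone` sysctl exists only on kernels carrying the Debian/Ubuntu patch.

```sh
#!/bin/sh
# Added example: reports whether a host meets the precondition described above.
# PROC_ROOT is a hypothetical override for testing on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print a sysctl value, or "absent" when this kernel does not provide it.
read_sysctl() {
    if [ -r "$PROC_ROOT/sys/$1" ]; then
        cat "$PROC_ROOT/sys/$1"
    else
        echo absent
    fi
}

# Succeed when an unprivileged user can create a user namespace.
userns_open() {
    # No user namespace entry: kernel built without user namespace support.
    [ -e "$PROC_ROOT/self/ns/user" ] || return 1
    # Upstream limit; 0 disables user namespace creation entirely.
    [ "$(read_sysctl user/max_user_namespaces)" = "0" ] && return 1
    # Debian/Ubuntu-specific switch; 0 restricts creation to privileged users.
    [ "$(read_sysctl kernel/unprivileged_userns_clone)" = "0" ] && return 1
    return 0
}

# Succeed when the nf_tables module is currently loaded.
# A miss is not proof of safety: the module may be built in or loaded later.
nft_loaded() {
    grep -q '^nf_tables ' "$PROC_ROOT/modules" 2>/dev/null
}

# Classify the host: userns-restricted, userns-open, or exposed.
assess() {
    if ! userns_open; then
        echo "userns-restricted"
    elif nft_loaded; then
        echo "exposed"
    else
        echo "userns-open"
    fi
}

echo "user namespace / nf_tables exposure: $(assess)"
```

A result of `exposed` on a kernel that has not yet received the distribution's fix is the configuration the description above depends on.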
======================================================================
Link to news story:
https://lwn.net/Articles/977583/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)