August 5th, 2024

New SLUBStick Attack Makes Linux Kernel Vulnerabilities More Dangerous

Researchers from Graz University of Technology developed SLUBStick, a technique that exploits Linux kernel heap vulnerabilities with over 99% success, enabling privilege escalation and container escapes against modern defenses.


A new exploitation technique for the Linux kernel, named SLUBStick, has been developed by researchers from Graz University of Technology. This technique enhances the danger posed by heap vulnerabilities, which have been on the rise in recent years. While previous methods, such as software cross-cache attacks, had limited success rates and often led to system crashes, SLUBStick boasts a success rate exceeding 99% on commonly used caches. It allows attackers to escalate limited heap vulnerabilities into arbitrary memory read/write capabilities, facilitating privilege escalation and container escapes, even against modern security defenses. The researchers demonstrated SLUBStick's effectiveness on Linux kernel versions 5.19 and 6.2, targeting nine known vulnerabilities from 2021 to 2023. They have made the SLUBStick artifacts and code available for public use, along with videos showcasing the exploit. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently warned about several Linux kernel vulnerabilities that are actively being exploited, with 14 flaws currently listed in their Known Exploited Vulnerabilities Catalog.

- SLUBStick is a new technique that increases the risk of Linux kernel heap vulnerabilities.

- It allows for a high success rate in exploiting memory vulnerabilities, surpassing previous methods.

- The technique can lead to privilege escalation and container escapes.

- Researchers have demonstrated SLUBStick against specific Linux kernel versions and vulnerabilities.

- CISA has issued warnings about actively exploited Linux kernel vulnerabilities.

Related

The Dirty Pipe Vulnerability

The Dirty Pipe Vulnerability (CVE-2022-0847) in Linux kernel versions since 5.8 allowed unauthorized data overwriting in read-only files, fixed in versions 5.16.11, 5.15.25, and 5.10.102. Discovered through CRC errors in log files, it revealed systematic corruption linked to ZIP file headers due to a kernel bug in Linux 5.10. The bug's origin was pinpointed by replicating data transfer issues between processes using C programs, exposing the faulty commit. Changes in the pipe buffer code impacted data transfer efficiency, emphasizing the intricate nature of kernel development and software component interactions.

CVE-2021-4440: A Linux CNA Case Study

The Linux CNA mishandled CVE-2021-4440 in the 5.10 LTS kernel, causing information leakage and KASLR defeats. The issue affected Debian Bullseye and SUSE's 5.3.18 kernel, resolved in version 5.10.218.

RegreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems

A vulnerability in OpenSSH's server on glibc-based Linux systems (CVE-2024-6387) allows remote code execution. Exploiting this flaw requires precise timing. The advisory discusses exploitation details, success rates, and contacting developers for related issues.

Exploring Novel File System Objects for Data-Only Attacks on Linux Systems

The study explores data-only attacks on Linux systems, identifying critical file system objects for exploitation without requiring Kernel Address Space Layout Randomization. It presents novel exploit strategies and evaluates them against real-world vulnerabilities.

The Wild West of Proof of Concept Exploit Code (PoC)

CVE-2024-6387 is a serious unauthenticated remote code execution vulnerability in OpenSSH, with complex exploitation requiring knowledge of system architecture. The exploit code contains malicious elements, emphasizing risks of untrusted code.