5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered

http://thehackernews.com/2016/12/linux-kernel-local-root-exploit.html?m=1

There is a bug in the Linux kernel's raw packet socket handling code (net/packet/af_packet.c).

3 Comments

  1. Tomi Engdahl says:

    CVE-2016-8655
    https://access.redhat.com/security/cve/cve-2016-8655

    A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

    This issue does not affect Red Hat Enterprise Linux 5 and 6.

    CVE-2016-8655
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8655

    Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.

    Reply
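The MITRE text quoted in the comment above gives the affected range as "through 4.8.12", and the Red Hat note shows why a bare version comparison is not enough on its own: a distribution kernel can carry a backported fix while keeping an older version string, and some old kernels predate the bug entirely. The script below is an added example, not code from the page, from Red Hat or from MITRE. It parses `uname -r` style release strings, compares the upstream version against the 4.8.12 bound from the quoted text, and takes a separate `vendor_says_fixed` input (an assumed value that an operator would take from the distribution's own advisory for that package build) so that backports are not reported as unpatched. The sample release strings in `__main__` are constructed for the demonstration.

```python
import platform
import re
from typing import Optional, Tuple

# Upper bound of the affected upstream range, from the MITRE text quoted
# above ("through 4.8.12"); the upstream fix landed on Nov 30, 2016.
LAST_AFFECTED_UPSTREAM = (4, 8, 12)


def parse_kernel_release(release: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a `uname -r` string.

    Accepts forms such as '4.8.12-1-ARCH', '4.4.0-53-generic' or
    '2.6.32-642.el6.x86_64'. Returns None when the string does not start
    with a dotted version number.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def upstream_in_affected_range(release: str) -> Optional[bool]:
    """True if the upstream version number is <= 4.8.12, None if unparseable.

    This is purely a version-number comparison; it knows nothing about
    vendor backports of the fix, which is why assess() takes that as a
    separate input rather than guessing.
    """
    v = parse_kernel_release(release)
    if v is None:
        return None
    return v <= LAST_AFFECTED_UPSTREAM


def assess(release: str, vendor_says_fixed: bool = False) -> str:
    """Triage verdict for one host.

    vendor_says_fixed is an assumed input (for example, taken from the
    distribution's advisory for that exact package build): a distro kernel
    can carry the fix while keeping a version string below 4.8.13, and the
    Red Hat note quoted above shows that some older kernels are unaffected.
    """
    in_range = upstream_in_affected_range(release)
    if in_range is None:
        return "unknown: could not parse kernel release %r" % release
    if not in_range:
        return "not affected: upstream version above 4.8.12"
    if vendor_says_fixed:
        return "patched: version in range but vendor advisory reports backported fix"
    return "review: version in range for CVE-2016-8655, confirm patch status with vendor"


if __name__ == "__main__":
    # Constructed sample release strings, not data from the page.
    samples = [
        ("4.8.12-1-ARCH", False),
        ("4.9.0-rc8", False),
        ("4.4.0-53-generic", True),
        ("not-a-kernel", False),
    ]
    for rel, fixed in samples:
        print(f"{rel:<20} -> {assess(rel, fixed)}")
    # Live check of the host running the script.
    print(f"this host ({platform.release()}) -> {assess(platform.release())}")
```

Run it on a fleet inventory by feeding each host's `uname -r` output into `assess()` together with the patch status from the vendor advisory; any "review" verdict is a host whose package build still needs to be checked against the fixed commit named in the oss-security announcement.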
  2. Tomi Engdahl says:

    CVE-2016-8655 Linux af_packet.c race condition (local root)
    http://www.openwall.com/lists/oss-security/2016/12/06/1

    This is an announcement about CVE-2016-8655 which is a race-condition
    I found in Linux (net/packet/af_packet.c). It can be exploited to gain
    kernel code execution from unprivileged processes.

    The bug was introduced on Aug 19, 2011:
    https://github.com/torvalds/linux/commit/f6fb8f100b807378fda19e83e5ac6828b638603a

    Fixed on Nov 30, 2016:
    https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c

    Reply
