Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel’s filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string “//deleted” to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.
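The arithmetic behind the offset quoted above, as an added example that is not taken from the Qualys advisory or the kernel source: a userspace model with hypothetical function names that only computes offsets and never touches memory. It assumes the buffer has grown to exactly 2 GiB when its size_t size is narrowed to an int (the size consistent with the -2GB-10B offset), and that signed subtraction wraps as in a build with -fno-strict-overflow.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SUFFIX "//deleted"   /* the 10 bytes written: 9 characters + NUL */

/* Hypothetical model of a "prepend from the end of the buffer" helper whose
 * length parameter is an int. Returns 0 and sets *off to where the write
 * would start, relative to the buffer start; returns -1 if it refuses. */
static int prepend_offset(int buflen, int namelen, int64_t *off)
{
    int64_t end = buflen;                 /* end pointer = buf + buflen */
    /* Wrapping subtraction (assumption: -fno-strict-overflow semantics). */
    int remaining = (int)((unsigned)buflen - (unsigned)namelen);
    if (remaining < 0)
        return -1;                        /* the "name too long" check */
    *off = end - namelen;
    return 0;
}

/* Vulnerable shape: a size_t buffer size is silently narrowed to int. */
int vulnerable_offset(size_t bufsize, int64_t *off)
{
    int buflen = (int)bufsize;            /* 2 GiB becomes INT_MIN on gcc/clang */
    return prepend_offset(buflen, (int)sizeof(SUFFIX), off);
}

/* Hardened shape: refuse sizes an int cannot represent before narrowing. */
int checked_offset(size_t bufsize, int64_t *off)
{
    if (bufsize > (size_t)INT_MAX)
        return -1;
    return prepend_offset((int)bufsize, (int)sizeof(SUFFIX), off);
}

int main(void)
{
    int64_t off = 0;
    size_t two_gib = (size_t)1 << 31;     /* constructed sample size */
    if (vulnerable_offset(two_gib, &off) == 0)
        printf("vulnerable: write starts at offset %lld\n", (long long)off);
    printf("checked: %s\n", checked_offset(two_gib, &off) ? "rejected" : "allowed");
    return 0;
}
```

The length check inside the helper does not catch the bad value: INT_MIN minus 10 wraps to a large positive number, so the only reliable place to stop the write is before the size_t value is narrowed.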