Introduction to Linux local kernel privilege escalation vulnerability

王林
Release: 2020-01-16 17:22:42

On July 20, 2019, Linux officially fixed a local kernel privilege escalation vulnerability. Through this vulnerability, an attacker can elevate a user with ordinary permissions to Root permissions.

Vulnerability Description

When PTRACE_TRACEME is called, the ptrace_link function obtains an RCU reference to the parent process's credentials and then passes that pointer to the get_cred function. However, the lifetime rules of objects such as struct cred do not allow an RCU reference to be converted unconditionally into a stable reference.
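The lifetime rule above, shown as an added userspace model (not kernel code and not part of the original article; `struct obj`, the `obj_*` functions and `holds_dying_ref` are hypothetical names). Once the last stable reference is dropped the object is only waiting for its deferred free, so an unconditional get through an RCU-protected pointer revives a dying object, while a get that refuses a zero count does not.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of an RCU-freed refcounted object; hypothetical names. */
struct obj {
    atomic_int usage; /* stable references; 0 = free already queued */
    bool dying;       /* set once the deferred free has been queued */
};

/* Drop a stable reference; the last put only queues the deferred free. */
static void obj_put(struct obj *o)
{
    if (atomic_fetch_sub(&o->usage, 1) == 1)
        o->dying = true;
}

/* Unsafe conversion: bumps the count even when it is already 0. */
static struct obj *obj_get_unconditional(struct obj *o)
{
    atomic_fetch_add(&o->usage, 1);
    return o;
}

/* Safe conversion: succeeds only while a stable reference still exists. */
static struct obj *obj_get_not_zero(struct obj *o)
{
    int old = atomic_load(&o->usage);
    while (old != 0)
        if (atomic_compare_exchange_weak(&o->usage, &old, old + 1))
            return o;
    return NULL;
}

/* True if the caller ends up with a "stable" reference to a dying object. */
static bool holds_dying_ref(struct obj *(*get)(struct obj *))
{
    struct obj o = { .dying = false };
    atomic_init(&o.usage, 1);
    obj_put(&o);               /* owner drops the last reference */
    struct obj *ref = get(&o); /* reader still inside the RCU window */
    return ref != NULL && ref->dying;
}

int main(void)
{
    printf("unconditional: %d, not-zero: %d\n",
           holds_dying_ref(obj_get_unconditional), holds_dying_ref(obj_get_not_zero));
    return 0;
}
```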

PTRACE_TRACEME obtains the credentials of the parent process, so operations can be performed with whatever permissions the parent process has. If a malicious low-privilege child process uses PTRACE_TRACEME while its parent process has high privileges, the child process can gain control of its parent process and call the execve function with the parent process's privileges to create a new high-privilege process.

Vulnerability Reproduction

A readily usable exploit for this vulnerability is available on the Internet. The exploit effect is as follows:


Scope of impact

Currently affected Linux kernel versions:

Linux Kernel

Fix Suggestions

1. Patch repair link:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

2. Upgrade the Linux kernel to the latest version.

Reference link

https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee


source:secpulse.com