Re: Linux: Use-After-Free exploitation

From: Kees Cook
Date: Wed Jun 22 2022 - 19:06:28 EST

Next message: Ira Weiny: "Re: [PATCH V11 3/8] PCI: Create PCI library functions in support of DOE mailboxes."
Previous message: Arun Easi: "Re: [EXT] Re: [REGRESSION] qla2xxx: tape drive not removed after unplug FC cable"
In reply to: Muni Sekhar: "Linux: Use-After-Free exploitation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jun 22, 2022 at 11:38:39AM +0530, Muni Sekhar wrote:
> Use-After-Free bugs result in kernel crashes. If these bugs result in
> kernel crashes then how is it possible to exploit this vulnerability
> for local privilege escalation?

There are many examples of manipulating memory layout in a way that an
attacker can control. For example, see:
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html

--
Kees Cook

Next message: Ira Weiny: "Re: [PATCH V11 3/8] PCI: Create PCI library functions in support of DOE mailboxes."
Previous message: Arun Easi: "Re: [EXT] Re: [REGRESSION] qla2xxx: tape drive not removed after unplug FC cable"
In reply to: Muni Sekhar: "Linux: Use-After-Free exploitation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]