Re: [PATCH 1/3] capabilities: user namespace capabilities

From: John Johansen
Date: Fri May 17 2024 - 08:49:09 EST


On 5/17/24 04:55, Jonathan Calmels wrote:
> On Fri, May 17, 2024 at 06:32:46AM GMT, Eric W. Biederman wrote:
>
>> Pointers please?
>>
>> That sentence sounds about 5 years out of date.
>
> The link referenced is from last year.
> Here are some others often cited by distributions:
>
> https://nvd.nist.gov/vuln/detail/CVE-2022-0185
> https://nvd.nist.gov/vuln/detail/CVE-2022-1015
> https://nvd.nist.gov/vuln/detail/CVE-2022-2078
> https://nvd.nist.gov/vuln/detail/CVE-2022-24122
> https://nvd.nist.gov/vuln/detail/CVE-2022-25636
>
> Recent thread discussing this too:
> https://seclists.org/oss-sec/2024/q2/128


They were used in 2020, 2021, and 2022 pwn2own exploits. Sorry I don't remember the exact numbers and will have to dig.

pwn2own 2023 4/5 hacks used them
https://www.zerodayinitiative.com/blog/2023/3/23/pwn2own-vancouver-2023-day-two-results
I will need to dig to find the CVEs associated with them.

pwn2own 2024 I cannot discuss atm

but it's not just pwn2own, the actual list of kernel CVEs that unprivileged user namespaces make exploitable is much larger.