Re: [PATCH 1/3] capabilities: user namespace capabilities
From: John Johansen
Date: Fri May 17 2024 - 08:49:09 EST
On 5/17/24 04:55, Jonathan Calmels wrote:
On Fri, May 17, 2024 at 06:32:46AM GMT, Eric W. Biederman wrote:
Pointers please?
That sentence sounds about 5 years out of date.
The link referenced is from last year.
Here are some others often cited by distributions:
https://nvd.nist.gov/vuln/detail/CVE-2022-0185
https://nvd.nist.gov/vuln/detail/CVE-2022-1015
https://nvd.nist.gov/vuln/detail/CVE-2022-2078
https://nvd.nist.gov/vuln/detail/CVE-2022-24122
https://nvd.nist.gov/vuln/detail/CVE-2022-25636
Recent thread discussing this too:
https://seclists.org/oss-sec/2024/q2/128
they were used in 2020, 2021, and 2022 pwn2own exploits. Sorry I don't remember the exact numbers and will have to dig.
pwn2own 2023 4/5 hacks used them
https://www.zerodayinitiative.com/blog/2023/3/23/pwn2own-vancouver-2023-day-two-results
I will need to dig to find the CVEs associated with them.
pwn2own 2024 I can not discuss atm
but its not just pwn2own, the actual list of kernel CVEs that unprivileged user namespaces make exploitable is much larger.