PoC Exploit Published for Linux Kernel Privilege Escalation Flaw

by Esmeralda McKenzie

A critical use-after-free vulnerability has been discovered in the Linux kernel's netfilter subsystem.

This vulnerability could potentially allow local, unprivileged users with the CAP_NET_ADMIN capability to escalate their privileges.

The flaw, identified in the upstream commit 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane"), can trigger a use-after-free condition on an NFT_CHAIN object or NFT_OBJECT object when the catchall element is garbage-collected during the removal of the pipapo set.

CVE-2024-0193 – Use-After-Free Vulnerability

The vulnerability does not impact any shipped kernel releases of Red Hat Enterprise Linux (RHEL) 6, 7, and 8.

However, local, unprivileged users can use unprivileged user namespaces (CONFIG_USER_NS) to grant themselves the CAP_NET_ADMIN capability, thereby potentially exploiting this flaw.

The OpenShift Container Platform (OCP), which ships with Red Hat Enterprise Linux CoreOS (RHCOS), is also affected.

However, because of the nature of RHCOS, where local users already have root permissions, the vulnerability does not present a significant risk from an attacker's standpoint.

Mitigation Strategies

To mitigate this vulnerability, it is essential to control the ability to create user/net namespaces.

For non-containerized deployments of Red Hat Enterprise Linux 8, user namespaces can be disabled by setting user.max_user_namespaces to 0:

# echo "user.max_user_namespaces=0" > /etc/sysctl.d/userns.conf 
# sysctl -p /etc/sysctl.d/userns.conf

For containerized deployments, such as Red Hat OpenShift Container Platform, this mitigation should not be applied because the functionality needs to remain enabled.

While the newly published proof-of-concept exploit for this Linux kernel privilege escalation flaw is concerning, the impact on Red Hat Enterprise Linux and OpenShift environments remains limited due to existing permissions and namespace configurations.

Administrators are urged to implement the suggested mitigations to safeguard their systems against potential exploitation.

For a detailed analysis and further information, refer to the Red Hat blog post on container vulnerability risk assessment.
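As an added example (not from the article or from Red Hat), here is a POSIX shell script that audits whether the sysctl mitigation above is actually in effect on a host: it reads the live value of user.max_user_namespaces, checks that /etc/sysctl.d/userns.conf (the file used above) pins it to 0 so the setting survives a reboot, and, where util-linux's unshare is installed, probes whether the current user can still create a user namespace. The /proc path of the knob and the use of unshare as a runtime probe are assumptions.

```shell
#!/bin/sh
# Added example, not part of the article: audit whether the mitigation
# user.max_user_namespaces=0 is in effect on this host.
# Assumptions: the knob is exposed at /proc/sys/user/max_user_namespaces and the
# persistent setting lives in /etc/sysctl.d/userns.conf (the file used in the article).

SYSCTL_KNOB=/proc/sys/user/max_user_namespaces
CONF_FILE=/etc/sysctl.d/userns.conf

# classify_userns_limit VALUE: prints "mitigated" for 0, "enabled" for any other
# non-negative integer, and "unknown" for anything that is not a number.
classify_userns_limit() {
    case "$1" in
        0)            echo mitigated ;;
        ''|*[!0-9]*)  echo unknown ;;
        *)            echo enabled ;;
    esac
}

# conf_has_userns_zero FILE: succeeds when FILE pins user.max_user_namespaces to 0
# (surrounding whitespace tolerated), i.e. the mitigation persists across reboots.
conf_has_userns_zero() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*user\.max_user_namespaces[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$1"
}

# current_userns_limit: prints the running kernel's value, or "unavailable"
# when the knob does not exist (older kernels, or a restricted sandbox).
current_userns_limit() {
    if [ -r "$SYSCTL_KNOB" ]; then
        cat "$SYSCTL_KNOB"
    else
        echo unavailable
    fi
}

# probe_unshare: reports whether the current (unprivileged) user can actually
# create a user namespace right now; needs util-linux's unshare.
probe_unshare() {
    if ! command -v unshare >/dev/null 2>&1; then
        echo "unshare not installed, skipping runtime probe"
    elif unshare -U true 2>/dev/null; then
        echo "runtime probe: user namespace creation ALLOWED for this user"
    else
        echo "runtime probe: user namespace creation denied for this user"
    fi
}

# report_userns_mitigation: human-readable summary; always returns 0 so it can
# run from a cron job or a configuration-management check without aborting.
report_userns_mitigation() {
    value=$(current_userns_limit)
    echo "user.max_user_namespaces=$value -> $(classify_userns_limit "$value")"
    if conf_has_userns_zero "$CONF_FILE"; then
        echo "$CONF_FILE: persistent setting present"
    else
        echo "$CONF_FILE: persistent setting missing (mitigation would not survive a reboot)"
    fi
    probe_unshare
}

report_userns_mitigation
```

Run it as the unprivileged user you are worried about, not as root: the runtime probe is only meaningful for the account that would otherwise gain CAP_NET_ADMIN through a fresh user namespace.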

Source credit : cybersecuritynews.com
