Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. “Concretely, exploiting the side-channel leakage pushes the success rate to above 99% for frequently used generic caches.”
Memory safety vulnerabilities impacting the Linux kernel have limited capabilities and are a lot more challenging to exploit owing to security features like Supervisor Mode Access Prevention (SMAP), Kernel address space layout randomization (KASLR), and kernel control flow integrity (kCFI).
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
While software cross-cache attacks have been devised as a way to counter kernel hardening strategies like coarse-grained heap separation, studies have shown that existing methods only have a success rate of only 40%.
SLUBStick has been demonstrated on versions 5.19 and 6.2 of the Linux kernel using nine security flaws (e.g., double free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023, leading to privilege escalation to root with no authentication and container escapes.
The core idea behind the approach is to offer the ability to modify kernel data and obtain an arbitrary memory read-and- write primitive in a manner that reliably surmounts existing defences like KASLR.
However for this to work, the threat model assumes the presence of a heap vulnerability in the Linux kernel and that an unprivileged user has code execution capabilities.
“SLUBStick exploits more recent systems, including v5.19 and v6.2, for a wide variety of heap vulnerabilities,” the researchers said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords