Shulou(Shulou.com)06/03 Report--

In this issue, the editor will bring you about the loopholes in the local kernel of linux. The article is rich in content and analyzed and described from a professional point of view. I hope you can get something after reading this article.

On July 20, 2019, Linux officially fixed a local kernel rights loophole. Through this vulnerability, an attacker can escalate a normal privileged user to Root privileges.

Vulnerability description

When PTRACE_TRACEME is called, the ptrace_link function gets a RCU reference to the parent process credentials and points the pointer to the get_cred function. However, the lifecycle rules of the object struct cred do not allow unconditional conversion of RCU references to stable references.

PTRACE_TRACEME acquires the credentials of the parent process, enabling it to perform various operations that the parent process can perform like the parent process. If a malicious low-privilege child process uses PTRACE_TRACEME and the parent process of the child process has high privileges, the child process can gain control of its parent process and call the execve function with the privileges of its parent process to create a new high-privilege process.

Loophole recurrence

A highly available exploit for this vulnerability is available on the Internet, as shown below:

Scope of influence

Currently affected Linux kernel versions:

Linux Kernel < 5.1.17

The above is what the linux local kernel rights loophole shared by the editor is. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.