Home >Operation and Maintenance >Safety >Introduction to Linux local kernel privilege escalation vulnerability

Introduction to Linux local kernel privilege escalation vulnerability

王林
王林forward
2020-01-16 17:22:423367browse

Introduction to Linux local kernel privilege escalation vulnerability

On July 20, 2019, Linux officially fixed a local kernel privilege escalation vulnerability. Through this vulnerability, an attacker can elevate a user with ordinary permissions to Root permissions.

Vulnerability Description

When PTRACE_TRACEME is called, the ptrace_link function will obtain an RCU reference to the parent process's credentials and then point that pointer to the get_cred function. However, the lifetime rules of the object struct cred do not allow unconditional conversion of an RCU reference into a stable reference.

PTRACE_TRACEME obtains the credentials of the parent process, enabling it to perform various operations like the parent process that the parent process can perform. If a malicious low-privilege child process uses PTRACE_TRACEME and the child process's parent process has high privileges, the child process can gain control of its parent process and call the execve function using the parent process's privileges to create a new high-privilege process.

Vulnerability Recurrence

There is a highly exploitable exploit for this vulnerability on the Internet. The exploit effect is as follows:

Introduction to Linux local kernel privilege escalation vulnerability

Scope of impact

Currently affected Linux kernel versions:

Linux Kernel

Fix Suggestions

1. Patch repair link:

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git /commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

2. Upgrade the Linux kernel to the latest version.

Reference link

https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

Recommended related articles and tutorials:Server Security Tutorial

The above is the detailed content of Introduction to Linux local kernel privilege escalation vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:secpulse.com. If there is any infringement, please contact admin@php.cn delete