Introduction to Linux local privilege escalation vulnerability

On July 20, 2019, Linux officially fixed a local kernel privilege escalation vulnerability. An attacker can use this vulnerability to elevate users with normal privileges to Root privileges.

(Recommended tutorial: Website Security Tutorial)

Vulnerability Description

When PTRACE_TRACEME is called, the ptrace_link function will obtain an RCU reference to the parent process's credentials , and then point the pointer to the get_cred function. However, the lifetime rules of the object struct cred do not allow unconditional conversion of an RCU reference into a stable reference.

PTRACE_TRACEME obtains the credentials of the parent process, enabling it to perform various operations like the parent process that the parent process can perform. If a malicious low-privilege child process uses PTRACE_TRACEME and the child process's parent process has high privileges, the child process can gain control of its parent process and call the execve function using the parent process's privileges to create a new high-privilege process. The attacker ultimately controls the ptrace relationship between two processes with high privileges, which can be used to ptrace.

suid binary and gain root permissions.

Vulnerability Recurrence

There is a highly exploitable exploit for this vulnerability on the Internet. The exploit effect is as follows:

##Scope of impact

Currently affected Linux kernel versions:

Linux Kernel Repair suggestions

1. Patch repair link :

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6994eefb0053799d2e07cd140df6c2ea106c41ee

2. Upgrade the Linux kernel to the latest version.

Reference link

https://github.com/torvalds/linux/commit/6994eefb0053799d2e07cd140df6c2ea106c41ee

The above is the detailed content of Introduction to Linux local privilege escalation vulnerability. For more information, please follow other related articles on the PHP Chinese website!