UAFs in Linux Kernel Modules: CVE-2019-8912 & CVE-2019-8956
February 22, 2019
A researcher using syzkaller found a locally-exploitable bug in Linux’s crypto API, CVE-2019-8912, which allows for a use-after-free in sockfs_setattr. It’s received sudden buzz, probably because a bug in the kernel’s cryptography API sounds pretty scary! And, there’s a hot 2-for-1 special for Linux use-after-free bugs with the announcement of CVE-2019-8956, too. What makes it […]
Nested Guests: CVE-2019-7221
February 18, 2019
Earlier this month, twin KVM bugs found by Google’s Project Zero team were released publicly: CVE-2019-7221, a use-after-free vulnerability, and CVE-2019-7222, a memory leak that can assist exploitation of the former vulnerability. Why is it cool? If successfully exploited, CVE-2019-7221 can give an attacker a guest-to-host escape and root privileges on that host. It’s a […]
Dirty Sock: CVE-2019-7304
February 13, 2019
Today, Chris Moberly blogged about his local privilege escalation bug in Ubuntu Linux, CVE-2019-7304, a.k.a. the “Dirty Sock” exploit (ew). This affects snapd, which is installed on Ubuntu 16.04.4 LTS and later by default, but snapd is also available for other Linux distributions with a manual install. Beneath the hype: Snapd’s auto-update should mean you […]
A Brief Review of CVE-2019-5736: runc Container Breakout
February 12, 2019
A group of researchers yesterday announced CVE-2019-5736, a runc container breakout affecting container tools including Docker, Kubernetes, and containerd. Why it matters: Because many people run containers as “root,” exploitation here is pretty easy. However, it still requires some level of interaction: Starting from an attacker-controlled container “Exec” (in Docker) into a compromised container […]