New Linux kernel attack slips past modern defenses — SLUBStick boasts a 99% success rate


Researchers at the Graz University of Technology in Austria have found a

This is the hidden content, please
(PDF) that can bypass modern kernel defenses and provide arbitrary read and write access. The exploits involved affect Linux kernel versions 5.19 and 6.2.

The team has dubbed the attack technique SLUBStick. This attack vector takes advantage of memory reuse of the kernel allocator in a novel way, making it more reliable than most other cross-cache attacks. Whereas most cross-cache attacks have a success rate of just 40%, the researchers pushed SLUBStick to a 99% success rate for frequently used generic caches.

This success rate comes despite the modern security protections available for the Linux kernel. Recognizing the susceptibility of the Linux kernel to memory safety vulnerabilities, researchers and kernel developers have included defenses to inhibit the success of cross-cache attacks.

SLUBStick, however, is capable of bypassing Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Address Space Layout Randomization (KASLR). The researchers note that existing kernel defenses promise to reduce SLUBStick’s threat, but none currently provide comprehensive protection. Therefore, the danger of exploitation via SLUBStick is still real, even with kernel defenses in use.

CVEs tested using SLUBStick attack vector

| CVE | Capability | Cache |
| --- | --- | --- |
| CVE-2023-21400 | Double Free | kmalloc-32 |
| CVE-2023-3609 | Use After Free | kmalloc-96 |
| CVE-2022-32250 | Use After Free | kmalloc-64 |
| CVE-2022-29582 | Use After Free | files_cachep |
| CVE-2022-27666 | Out Of Bounds | kmalloc-4096 |
| CVE-2022-2588 | Double Free | kmalloc-192 |
| CVE-2022-0995 | Out Of Bounds | kmalloc-96 |
| CVE-2021-4157 | Out Of Bounds | kmalloc-64 |
| CVE-2021-3492 | Double Free | kmalloc-4096 |

SLUBStick takes advantage of a heap vulnerability in Linux’s memory management to gain elevated privileges, break out of sandbox environments in virtual machines, and gain root access to the host system. Even worse, the technique uses a side-channel exploit to observe memory usage and determine the exact moment at which to reallocate a memory hash. This means that SLUBStick can predict and control memory reuse to increase its success rate.

For SLUBStick to work, attackers need local access to the attacked Linux system. The attack also requires the presence of a heap vulnerability in the Linux kernel, which has been found in both the 5.19 Linux kernel and the 6.2 kernel.

The researchers systematically analyzed the attack on the two Linux kernel versions, finding that SLUBStick was effective on generic caches from kmalloc-08 through kmalloc-4096. Using a synthetic vulnerability and nine real-world CVEs, they tested the attack method to escalate privileges and gain root access.

SLUBStick was tested on both x86 and aarch64 virtual machines, and it is equally effective on Intel- and AMD-based processors and Arm CPUs. The team notes that the attack technique afforded by SLUBStick “greatly enhances the reliability of cross-cache attacks from generic caches and makes them practical for exploitation.” In other words, SLUBStick can make other attacks more successful and effective.


