Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be used to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
"Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a group of academics from the Graz University of Technology said [PDF]. "Concretely, exploiting the side-channel leakage pushes the success rate to above 99% for frequently used generic caches."
Memory safety vulnerabilities affecting the Linux kernel offer limited capabilities and are far more challenging to exploit owing to security features like Supervisor Mode Access Prevention (SMAP), Kernel Address Space Layout Randomization (KASLR), and kernel Control Flow Integrity (kCFI).
While software cross-cache attacks have been devised as a way to counter kernel hardening strategies like coarse-grained heap separation, studies have shown that existing methods achieve a success rate of only 40%.
SLUBStick has been demonstrated on versions 5.19 and 6.2 of the Linux kernel using nine security flaws (e.g., double free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023, leading to privilege escalation to root without authentication and to container escapes.
The core idea behind the technique is to provide the ability to modify kernel data and obtain an arbitrary memory read-and-write primitive in a manner that reliably bypasses existing defenses like KASLR.
However, for this to work, the threat model assumes the presence of a heap vulnerability in the Linux kernel and that an unprivileged user has code execution capabilities.
"SLUBStick exploits newer systems, including v5.19 and v6.2, for a wide variety of heap vulnerabilities," the researchers said.