HomeVulnerabilityNew Linux kernel cross-cache assault permits arbitrary reminiscence writes

New Linux kernel cross-cache assault permits arbitrary reminiscence writes

By using a timing facet channel whereas exploiting the heap vulnerabilities, which basically enable attackers to control the kernel’s reminiscence allocation course of, the researchers had been capable of pinpoint the precise second of reminiscence allocation and de-allocation, making the willpower of ceaselessly used caches extraordinarily correct.

These caches are then proven to be reallocated to permit attackers to control the web page desk and browse and write any reminiscence allocation. SLUBStick can work with not less than 9 current exploitations, together with CVE-2023-21400, CVE-2023-3609, CVE-2022-32250, CVE-2022-29582, CVE-2022-27666, CVE-2022-2588, CVE-2022-0995, CVE-2021-4157, and CVE-2021-3492.

Efficient with pre-requisites

The assault was discovered efficient towards all trendy kernel defenses, together with Supervisor Mode Execution Prevention (SMEP), Supervisor Mode Entry Prevention (SMAP), and Kernel Deal with Area Structure Randomization (KASLR).

See also  Kicking dependency: Why cybersecurity wants a greater mannequin for dealing with OSS vulnerabilities
- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular