Cybersecurity researchers have disclosed a novel Linux kernel exploitation technique dubbed SLUBStick that could potentially be exploited to elevate a limited heap vulnerability into an arbitrary memory read-and-write primitive.
"Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably," a group of academics from the Graz University of Technology said [PDF]. "Concretely, exploiting the side-channel leakage pushes the success rate to above 99% for frequently used generic caches."
Memory safety vulnerabilities impacting the Linux kernel have limited capabilities and are much more challenging to exploit owing to security features like Supervisor Mode Access Prevention (SMAP), Kernel Address Space Layout Randomization (KASLR), and kernel control-flow integrity (kCFI).

While software cross-cache attacks have been devised as a way to counter kernel hardening techniques like coarse-grained heap separation, studies have shown that existing methods have a success rate of only 40%.
SLUBStick has been demonstrated on versions 5.19 and 6.2 of the Linux kernel using nine security flaws (e.g., double free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023, leading to privilege escalation to root without authentication and to container escapes.

The core idea behind the technique is to provide the ability to modify kernel data and obtain an arbitrary memory read-and-write primitive in a manner that reliably bypasses existing defenses like KASLR.
However, for this to work, the threat model assumes the presence of a heap vulnerability in the Linux kernel and that an unprivileged user has code execution capabilities.
"SLUBStick exploits newer systems, including v5.19 and v6.2, for a wide variety of heap vulnerabilities," the researchers said.