| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Jun 2022 16:06:18 -0700
From: Kees Cook <keescook@...omium.org>
To: Muni Sekhar <munisekharrms@...il.com>
Cc: linux-hardening@...r.kernel.org,
linux-security-module@...r.kernel.org,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: Linux: Use-After-Free exploitation
On Wed, Jun 22, 2022 at 11:38:39AM +0530, Muni Sekhar wrote:
> Use-After-Free bugs result in kernel crashes. If these bugs result in
> kernel crashes then how is it possible to exploit this vulnerability
> for local privilege escalation?
There are many examples of manipulating memory layout in a way that an
attacker can control. For example, see:
https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
--
Kees Cook
Powered by blists - more mailing lists