SLUBStick, a novel Linux kernel exploitation technique, has been discovered by cybersecurity researchers. It can potentially escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
Researchers at the Graz University of Technology stated that “it initially exploits a timing side-channel of the allocator to perform a cross-cache attack reliably.” “Concretely, exploiting the side-channel leakage pushes the success rate to above 99% for frequently used generic caches.”
Because the Linux kernel has security protections like Supervisor Mode Access Prevention (SMAP), kernel address space layout randomization (KASLR), and kernel control flow integrity (kCFI), memory safety flaws affecting it are more difficult to exploit and give an attacker only restricted capabilities.
Software cross-cache attacks have been devised to counter kernel hardening strategies like coarse-grained heap separation; nevertheless, studies show that these attacks are only 40% effective.
SLUBStick has been demonstrated on Linux kernel versions 5.19 and 6.2 using nine security holes (such as double-free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023. This enables container escapes and privilege escalation to root without authentication.
The main goal of the method is to provide the capacity to alter kernel data and acquire an arbitrary memory read-and-write primitive in a way that consistently defeats KASLR and other current defenses.
For this to work, however, the threat model assumes that the Linux kernel has a heap vulnerability and that an unauthorized user is capable of executing code.
“SLUBStick exploits more recent systems, including v5.19 and v6.2, for a wide variety of heap vulnerabilities,” according to the researchers.