The Chaitin Security Research Lab (@ChaitinTech) discovered a Linux Kernel flaw, , tracked as CVE-2017-7184, during the last Pwn2Own 2017 competition. The experts hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access and earned $15,000 and 3 Master of Pwn points. It was the first time for an Ubuntu Linux hack at the Pwn2Own.
“This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.” reads the ZDI advisory.
“The specific flaw exists within the handling of xfrm states. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to elevate privileges and execute arbitrary code under the context of the kernel.”
The vulnerability can be exploited to cause a denial-of-service (DoS) condition or to execute arbitrary code. It could be exploited by a local attacker to escalate privileges on the system.
Red Hat rated the flaw as “high severity,” anyway its experts confirmed that the flaw cannot be exploited for privilege escalation on default or common configurations of Red Hat Enterprise Linux 5, 6 and 7.
The CVE-2017-718 flaw was quickly fixed in the Linux kernel a few days after the Pwn2Own 2017 competition, and Ubuntu development team has fixed it at the end of March. Other Linux distributions are already working on security patches.
(Security Affairs – Linux Kernel Flaw, CVE-2017-7184)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.