tags:linuxkernellpe original link: SSD Advisory: Linux Kernel taprio OOB newsletter link: exploits.club Weekly Newsletter 36 - Regex Fuzzing, C++ Metadata, Kernel Streaming, And More
Exploits Club Summary:
We have covered a few of the bugs from TyphoonPWN 2024, and this week we got a write-up for a Linux LPE entry. The vulnerability manifests from a logic bug, eventually leading to an OOB access. An attacker can pass an arbitraryÂ
mqprio to the kernel, which begs the questionâŠwhat can we do with that? The post walks through a code path where the the value will be propagated for âdirect PC-controlâ, so thatâs pretty cool. As usual with SSD Advisories, complete exploit code is included.