tags: uaf linux kernel tipc lpe
original link: ZDI-24-821: A Remote UAF in The Kernel’s net/tipc
newsletter link: exploits.club Weekly Newsletter 28


Exploits Club Summary:

Last week we shared @sam4k’s slides about finding bugs in the Linux kernel. In the presentation, he shared a bug he found using his methodology. Now, we were under the assumption this was a bug he found a while ago and just decided to use as a good example. Turns out, that assumption was extremely wrong. In his newest blog post, he walks through how he decided to look for a bug while making the presentation, and found the UAF in the kernel’s TIPC networking stack. The post itself walks through the background and vulnerability in much more detail than the slides, covering networking subsystem fundamentals, the fundamental structures of the subsystem, and TIPC. It then goes into the vulnerability, working backwards from the stacktrace and working out the root cause. Finally, it includes some notes on potential exploitation before concluding with the patch.