New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

August 7, 2024 at 10:57AM

A new Linux kernel exploitation technique named SLUBStick has been uncovered, offering the potential to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive. This method demonstrates the ability to modify kernel data and overcome existing defenses, but it relies on the existence of a heap vulnerability and code execution capabilities by an unprivileged user.

The technique, presented by researchers from Graz University of Technology, aims to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. SLUBStick exploits a timing side-channel of the allocator to perform a cross-cache attack reliably, raising the success rate to above 99% for frequently used generic caches.

The researchers also point out that memory safety vulnerabilities affecting the Linux kernel typically offer limited capabilities and are challenging to exploit because of defenses such as Supervisor Mode Access Prevention (SMAP), kernel address space layout randomization (KASLR), and kernel control flow integrity (kCFI). The SLUBStick technique has been demonstrated on Linux kernel versions 5.19 and 6.2 using nine security flaws discovered between 2021 and 2023, leading to privilege escalation to root without authentication and container escapes.

For SLUBStick to work, it assumes the presence of a heap vulnerability in the Linux kernel and that an unprivileged user has code execution capabilities. The researchers note that SLUBStick works against more recent systems, including kernel versions 5.19 and 6.2, for a wide variety of heap vulnerabilities.

Overall, SLUBStick underscores the impact that even a limited heap vulnerability can have on Linux kernel security and the need to address the identified security flaws.
