The Internet: Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch

2019-08-29T14:08:01
ID H1:684573
Type hackerone
Reporter xairy
Modified 2019-09-11T00:19:48

Description

Hi!

CVE-2017-1000112 is a vulnerability I found in the Linux kernel caused by a UFO to non-UFO path switch for UFO packets. It can be exploited to gain kernel code execution from an unprivileged process.

This vulnerability was reported to security@kernel.org and linux-distros@ following the coordinated disclosure process and then announced on oss-security@. The fix was committed on Aug 10, 2017.

I wrote a proof-of-concept exploit for a range of Ubuntu kernels Ubuntu kernel which gains root from an unprivileged user, which can be found here. More details about the vulnerability and exploitation can be found in the oss-security announcement.

The reason I'm reporting this now is that a similar bug that I've reported a while ago has recently been triaged and addressed, so it seems that LPE Linux kernel bugs are within the scope of this IBB program.

Thanks!

Impact

This vulnerability allows a local attacker to elevate privileges to root on a machine with vulnerable Linux kernel version.