Lucene search

K

Lucas Leong (@_wmliang_) of Trend Micro Zero Day InitiativeZDI-24-843

HistoryJun 21, 2024 - 12:00 a.m.

Linux Kernel USB/IP VHCI Driver Race Condition Privilege Escalation Vulnerability

2024-06-2100:00:00

Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative

www.zerodayinitiative.com

2

linux kernel

usb/ip vhci driver

privilege escalation

lack of proper locking

reset event

arbitrary code

kernel context

7.7 High

AI Score

Confidence

High

This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the reset event. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel.

References

lore.kernel.org/lkml/DM5PR0102MB3477B499A8A3292D6BFFBE80804C2@DM5PR0102MB3477.prod.exchangelabs.com/T/

7.7 High

AI Score

Confidence

High