Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
September 29, 2018
Seid Yassin (557 articles)
Share

Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit

A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.

Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system.

The use-after-free (UAF) vulnerabilities are a class of memory corruption bug that can be exploited by unprivileged users to corrupt or alter data in memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.

Source | thehackernews