How the CVE works:
CVE-2021-22555 is a 15-year-old use-after-free vulnerability in the Netfilter subsystem of the Linux kernel. The flaw is located in the `net/netfilter/x_tables.c` file. When iptables rules are created by a 32-bit user-space application on a 64-bit kernel, the `compat_do_replace()` function handles the request. This function miscalculates the size of memory to allocate when copying rule data from user space: the allocation is made with `vmalloc()`, but the subsequent `copy_from_user()` operation can write beyond the boundary of the allocated chunk. This out-of-bounds write corrupts adjacent memory structures, leading to a use-after-free condition. When the corrupted memory is later accessed, an unprivileged local user can escalate their privileges to root.
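To make the sizing mistake concrete, below is an added user-space model (constructed for this page, not the kernel's code and not part of the original post) of a compat-to-native record conversion: the allocation is sized from the 32-bit layout while the copy writes the larger, 8-byte-aligned 64-bit layout, shown next to the bounds-checked form. `struct compat_hdr`, `struct native_hdr` and the two alignment rules are assumptions chosen to illustrate the pattern.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: a 32-bit "compat" record is converted into the 64-bit
 * kernel layout. The native layout pads to 8 bytes and has a wider header,
 * so the converted record can be larger than the compat record it came from. */
#define COMPAT_ALIGN(n) (((n) + 3u) & ~3u)
#define NATIVE_ALIGN(n) (((n) + 7u) & ~7u)

struct compat_hdr { uint32_t data_len; };   /* header as seen in the 32-bit ABI */
struct native_hdr { uint64_t data_len; };   /* header in the kernel's own layout */

/* Bytes actually written when a record carrying data_len bytes is converted. */
size_t native_record_size(uint32_t data_len) {
    return NATIVE_ALIGN(sizeof(struct native_hdr) + data_len);
}

/* Flawed sizing: derives the allocation from the compat record, so the
 * native record written afterwards does not fit (the class of bug described above). */
size_t flawed_alloc_size(uint32_t data_len) {
    return COMPAT_ALIGN(sizeof(struct compat_hdr) + data_len);
}

/* Fixed sizing: allocate what the native layout needs. */
size_t fixed_alloc_size(uint32_t data_len) {
    return native_record_size(data_len);
}

/* Convert one record into dst, refusing rather than writing past dst_size.
 * Returns the bytes written, or 0 when the converted record would overrun dst. */
size_t convert_record(const struct compat_hdr *src, const uint8_t *src_data,
                      uint8_t *dst, size_t dst_size) {
    size_t need = native_record_size(src->data_len);
    if (need > dst_size)
        return 0;                            /* the check the flawed path lacks */
    struct native_hdr h = { .data_len = src->data_len };
    memcpy(dst, &h, sizeof h);
    memcpy(dst + sizeof h, src_data, src->data_len);
    /* zero the alignment pad so no stale heap bytes leak into the record */
    memset(dst + sizeof h + src->data_len, 0, need - sizeof h - src->data_len);
    return need;
}
```

With a 13-byte payload the flawed path allocates 20 bytes while the conversion writes 24, which is exactly the kind of overrun the bounds check in `convert_record()` rejects.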
Platform: Linux Kernel
Version: Since 2008
Vulnerability: Use-After-Free
Severity: Critical
Date: 2021-07-20
Prediction: 2021-07-20 (Patched)
What Undercode Says:
`iptables -L`
`uname -r`
`cat /proc/version`
`dmesg | grep -i "fail\|error"`
`cat /sys/kernel/security/selinux/avc`
`modprobe -n -r netfilter`
How the Exploit Works:
Unprivileged user executes code.
Triggers memory corruption via IPTables.
Exploits UAF for privilege escalation.
Gains root access.
Protection from this CVE:
Update Linux kernel.
Apply security patches.
Restrict user privileges.
Use grsecurity/PaX.
Disable unneeded modules.
Impact:
Full system compromise.
Root privilege escalation.
Bypass all security controls.
Kernel panic denial-of-service.
Sources:
Reported By: nvd.nist.gov