news.volyx.in

GhostLock, a stack-UAF that has existed in ALL Linux distributions for 15 years (nebusec.ai)

95 points by djfergus · 1 day ago · 20 comments on HN

Article summary

A Linux kernel vulnerability known as GhostLock has been discovered, which allows an unprivileged local attacker to gain root access and escape containers. The vulnerability has existed in every major Linux distribution since 2011 and was introduced in Linux 2.6.39, but was only recently fixed in Linux 7.1. The exploit uses a combination of techniques, including a stack-use-after-free bug and a prefetch-based information leak, to achieve privilege escalation. The vulnerability was rewarded with $92,337 in the kernelCTF competition.

Main themes

  • Linux kernel vulnerability
  • Privilege escalation
  • Container escape
  • Exploit techniques
  • Kernel security
  • Linux distributions

What commenters say

  • The reward for the vulnerability seems low considering its wide impact, but it may be due to the fact that it's a local exploit rather than a remote one.
  • The vulnerability highlights the importance of keeping Linux kernels up to date, as it has existed for over 15 years and affects many distributions.
  • Some commenters believe that relying on Linux containers as a security boundary is misguided, and that this vulnerability demonstrates the need for additional security measures.
  • The discovery of the GhostLock vulnerability and its exploitation techniques has significant implications for the security of Linux systems and containers.
  • The fact that the vulnerability was only recently discovered despite existing for so long raises concerns about the effectiveness of Linux kernel testing and security auditing.
  • The exploit's use of a stack-use-after-free bug and prefetch-based information leak is a notable example of the creative techniques used by attackers to bypass security measures.