{"id":7501,"date":"2021-09-29T19:35:00","date_gmt":"2021-09-30T02:35:00","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7501"},"modified":"2023-04-05T12:37:54","modified_gmt":"2023-04-05T19:37:54","slug":"a-15-year-old-vulnerability-exposes-linux-to-privilege-escalation-attacks","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/a-15-year-old-vulnerability-exposes-linux-to-privilege-escalation-attacks\/","title":{"rendered":"A 15-year old Vulnerability Exposes Linux to Privilege Escalation Attacks"},"content":{"rendered":"

A critical security flaw in the Linux kernel\u2019s Netfilter code went unnoticed for 15 years before it was found and patched in 2021; a public proof-of-concept then showed how a local, unprivileged user could use it to escalate privileges, escape a Kubernetes pod and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability\u2019s characteristics and the impact it can have.<\/strong><\/p>\n

In April 2021, a critical vulnerability was reported to the Linux kernel security team in Netfilter, the kernel\u2019s packet-filtering subsystem behind iptables, and it was patched shortly thereafter. The public write-up and a proof-of-concept exploit were shared after July 7, 2021, which gave organizations ample time to patch vulnerable systems before exploitation details were widely available.<\/p>\n

The flaw sits in the code that converts iptables rules submitted by a 32-bit process into the 64-bit kernel\u2019s native layout. After copying a rule\u2019s match or target structure, the kernel calls memset()<\/em>, a function that fills a block of memory with a given value, to zero the alignment padding of that structure. The padding offset and length are computed from the native, 8-byte-aligned size, but the destination buffer was sized from the 32-bit layout, which is only 4-byte aligned, so four zero bytes land just past the end of the heap allocation. A four-byte write of zeros looks innocuous, and the attacker does not need prior privileged access to trigger it: an unprivileged local user who can create a user namespace gets the CAP_NET_ADMIN needed to install iptables rules inside it. By arranging for a sensitive kernel object to sit right after the overflowed buffer (the public exploit used msg_msg structures), the attacker turns the partial overwrite into a use-after-free and, from there, into control over kernel memory values from an unprivileged user process. Simply put, the vulnerability allows a local user to gain root privileges on the system despite being confined to a container. Where unprivileged user namespaces are disabled, or the kernel is built without 32-bit compat support, the bug is out of reach for an unprivileged user.<\/p>\n


CVE Findings<\/strong><\/h2>\n

The Netfilter vulnerability (CVE-2021-22555<\/a>) has existed for 15 years, since Linux kernel 2.6.19 was released in 2006. The bug is in the x_tables code shared by iptables, ip6tables and arptables, in the two routines that convert a rule\u2019s match and target structures from the 32-bit layout to the native one: when a rule is installed via the setsockopt<\/em> function<\/a> in compat mode, that is, from a 32-bit process on a 64-bit kernel, the zero-padding of the converted structures is written past the end of a heap buffer. Here is our analysis of the vulnerability:<\/strong><\/p>\n


CVE-2021-22555<\/strong><\/p>\n

  • CVE-2021-22555<\/a> is a heap out-of-bounds write<\/a> vulnerability that allows a local attacker to gain root privileges or cause a denial of service (kernel crash) through heap memory corruption.<\/p>\n<\/li>\n

  • It is classified under the weakness enumeration CWE-787 (Out-of-bounds Write) and carries a CVSS v3 base score of 7.8 (High); the score reflects that the attacker needs only local, low-privileged access and no user interaction.<\/p>\n<\/li>\n

  • CWE-787 is ranked as the most dangerous software weakness in MITRE\u2019s 2021 CWE Top 25 list<\/a>.<\/p>\n<\/li>\n

  • The fix (\u201cnetfilter: x_tables: fix compat match\/target pad out-of-bound write\u201d) was merged into the mainline kernel in April 2021 and backported to the stable series, so the patch<\/a> reached most distributions well before the public write-up and proof-of-concept appeared in July 2021.<\/p>\n<\/li>\n<\/ul>\n
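To make the arithmetic behind the zero-padding write described above concrete, here is an added, user-space model of the bug beside a bounds-checked alternative. It is example code written for this article, not the kernel\u2019s own code or the public proof-of-concept: the hypothetical 12-byte target, the guard bytes standing in for the neighbouring heap object, and the assumption that the destination was sized from the 32-bit layout are simplifications, and the hardened routine shows the principle (bound the write by the real size of the destination) rather than the exact upstream patch.<\/p>\n

```c
/*
 * Added example: a user-space model of the x_tables compat padding bug
 * (CVE-2021-22555). This is not the kernel's code. The real bug lives in
 * xt_compat_target_from_user() / xt_compat_match_from_user() in
 * net/netfilter/x_tables.c; the structure size, the guard bytes and the
 * way the destination is sized here are simplifying assumptions chosen
 * to show the arithmetic, not the kernel's actual allocation logic.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Native (64-bit) x_tables structures are padded to 8 bytes; the 32-bit
 * compat ABI pads to 4. These mirror the kernel's XT_ALIGN/COMPAT_XT_ALIGN. */
#define XT_ALIGN(s)        (((size_t)(s) + 7u) & ~(size_t)7u)
#define COMPAT_XT_ALIGN(s) (((size_t)(s) + 3u) & ~(size_t)3u)

/* Hypothetical target payload size: a multiple of 4 but not of 8, so the
 * compat layout needs no padding while the native layout needs 4 bytes. */
#define TARGETSIZE 12u

/* Bytes placed right after the destination stand in for the neighbouring
 * slab object that the real overflow corrupts. */
#define GUARD_BYTE 0xA5
#define GUARD_LEN  16u

/* How many bytes the native padding overshoots a compat-sized buffer.
 * Non-zero only when size % 8 == 4, which is the dangerous case here. */
static size_t native_vs_compat_overshoot(size_t targetsize)
{
    return XT_ALIGN(targetsize) - COMPAT_XT_ALIGN(targetsize);
}

/* Vulnerable pattern: copy the payload, then zero the native padding,
 * trusting that the caller sized dst for the native layout. */
static size_t target_from_user_vuln(unsigned char *dst,
                                    const unsigned char *payload)
{
    size_t pad = XT_ALIGN(TARGETSIZE) - TARGETSIZE;   /* 16 - 12 = 4 */

    memcpy(dst, payload, TARGETSIZE);
    if (pad > 0)
        memset(dst + TARGETSIZE, 0, pad);              /* may run past dst */
    return TARGETSIZE + pad;
}

/* Hardened pattern: know the destination size and refuse the copy when
 * the padded native layout would not fit. Returns 0 on rejection. */
static size_t target_from_user_fixed(unsigned char *dst, size_t dst_size,
                                     const unsigned char *payload)
{
    size_t need = XT_ALIGN(TARGETSIZE);

    if (need > dst_size)
        return 0;
    memcpy(dst, payload, TARGETSIZE);
    memset(dst + TARGETSIZE, 0, need - TARGETSIZE);
    return need;
}

struct copy_result {
    size_t written;     /* bytes the routine claims to have produced */
    size_t clobbered;   /* guard bytes that were zeroed out of bounds */
};

/* Allocate 'alloc' bytes plus guards, run one of the two routines, and
 * count how many guard bytes were overwritten. */
static struct copy_result run_copy(bool fixed, size_t alloc)
{
    struct copy_result r = { 0, 0 };
    unsigned char payload[TARGETSIZE];
    unsigned char *buf = malloc(alloc + GUARD_LEN);
    size_t i;

    if (!buf)
        return r;
    memset(payload, 0x41, sizeof payload);             /* constructed sample rule bytes */
    memset(buf, 0, alloc);
    memset(buf + alloc, GUARD_BYTE, GUARD_LEN);

    r.written = fixed ? target_from_user_fixed(buf, alloc, payload)
                      : target_from_user_vuln(buf, payload);

    for (i = 0; i < GUARD_LEN; i++)
        if (buf[alloc + i] != GUARD_BYTE)
            r.clobbered++;
    free(buf);
    return r;
}

int main(void)
{
    size_t compat_sized = COMPAT_XT_ALIGN(TARGETSIZE); /* 12: what the buggy path sized for */
    struct copy_result v  = run_copy(false, compat_sized);
    struct copy_result f  = run_copy(true, compat_sized);
    struct copy_result ok = run_copy(true, XT_ALIGN(TARGETSIZE));

    printf("vulnerable: wrote %zu, zeroed %zu byte(s) past the buffer\n", v.written, v.clobbered);
    printf("fixed, same buffer: wrote %zu (rejected), zeroed %zu\n", f.written, f.clobbered);
    printf("fixed, native-sized buffer: wrote %zu, zeroed %zu\n", ok.written, ok.clobbered);
    return 0;
}
```

Compile with any C compiler and run: the vulnerable routine reports four guard bytes zeroed, while the hardened routine rejects the copy on the under-sized buffer and succeeds on a buffer sized for the native layout. The native_vs_compat_overshoot() helper also shows why, in this model, only structures whose size is 4 modulo 8 are affected: for them the 8-byte padding adds exactly the four bytes that 4-byte-aligned compat sizing never reserved.<\/p>\n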


    \"Netfilter<\/p>\n


On August 23, 2021, a list of 15 vulnerabilities that are known to be actively exploited in the wild or have public proofs-of-concept (PoC) was published<\/a> online. These vulnerabilities have been used numerous times to attack Linux-based systems in the past.<\/strong><\/p>\n