[PLUG] Full Kernel-Level Control from Chrome Sandbox

jeffv via plug on 13 Aug 2025 05:39:58 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[PLUG] Full Kernel-Level Control from Chrome Sandbox

From: jeffv via plug <plug@lists.phillylinux.org>
To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Subject: [PLUG] Full Kernel-Level Control from Chrome Sandbox
Date: Wed, 13 Aug 2025 08:39:52 -0400
Authentication-results: smtp01.aqua.email-ash1.sync.lan smtp.user=<hidden>; auth=pass (LOGIN)
Dkim-signature: v=1; a=rsa-sha1; d=op.net; s=20180222; c=relaxed/simple; q=dns/txt; i=@op.net; t=1755088793; h=From:Subject:Date:To:MIME-Version:Content-Type; bh=hudQyk29uN5RyrKp5duWJDEttHY=; b=lnlEh0tYYIgLZPi9Uq7+9P9lmoNFqSFZVgmCn1ggJJ2c+RSsTqNDzBUQOiJyibWp bs6PU2kCkPxRKp29TaZyNhl/65gYkI/K45HW4xLTCZ0RGhojCzanlPG+QkdljCCf bfRoLu2u+P1Y/SIq2OIdbidPlEUCiXIVwyltKPolE3lx0WTLT+zTvHgbNrLxuTba U0iI+oOlhvk4usLGDhA4nMmSQLeGHnQvGiW4MTohibIOUYaUygbX0s4uPONYyLsM 1nHXoCD1mH0AN0y1nBspX8asNE8Zb5rSdP4Q2NhlO2KzjqCZH4Lz26W+uZIja2Fc V98EciYThhgrH8lfXcKjJQ==;
Reply-to: jeffv <jeffv@op.net>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla Thunderbird

Critical Linux Kernel Bug Grants Attackers Full Kernel-Level Controlfrom Chrome Sandbox


https://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-bug-grants-attackers-full-kernel-level-control

Here’s where things go sideways. Horn’s write-up breaks it down, but thetakeaway is this: there's a use-after-free (UAF) condition.Specifically, when the kernel processes out-of-band messages, it uses adata structure (oob_skb) to hold a reference to the socket bufferstoring said message. The problem occurs when you start manipulatingthese buffers. Carefully crafted sequences of send() and recv() calls,which are normally valid, can force the kernel to reuse memory that wasnever properly cleaned up.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox
  - From: Walt Mankowski via plug <plug@lists.phillylinux.org>
- Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox
  - From: Michael Lazin via plug <plug@lists.phillylinux.org>
- Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox
  - From: Rich Freeman via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] [plug-announce] Tue Aug 12 - PLUG North - "General Discussion" (7pm online)
Next by Date: Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox
Previous by thread: [PLUG] Sun Blade 1500 and LG Bluray burner for sale 100 dollars total
Next by thread: Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox
Index(es):
- Date
- Thread