| Walt Mankowski via plug on 13 Aug 2025 05:56:15 -0700 |
| Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox |
Thanks. Last night during PLUG North we were talking about this post yesterday to the debian-security-announce list:

https://lists.debian.org/debian-security-announce/2025/msg00137.html

It has a scary number of CVEs, but neither it nor the new post this morning:

https://lists.debian.org/debian-security-announce/2025/msg00139.html

contains this particular CVE! Nothing's made it to Ubuntu yet but I'm keeping an eye out for it.

Walt

On Wed, Aug 13, 2025 at 08:39:52AM -0400, jeffv via plug wrote:
> Critical Linux Kernel Bug Grants Attackers Full Kernel-Level Control from
> Chrome Sandbox
>
> https://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-bug-grants-attackers-full-kernel-level-control
>
> Here's where things go sideways. Horn's write-up breaks it down, but the
> takeaway is this: there's a use-after-free (UAF) condition. Specifically,
> when the kernel processes out-of-band messages, it uses a data structure
> (oob_skb) to hold a reference to the socket buffer storing said message. The
> problem occurs when you start manipulating these buffers. Carefully crafted
> sequences of send() and recv() calls, which are normally valid, can force
> the kernel to reuse memory that was never properly cleaned up.
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug