Michael Lazin via plug on 13 Aug 2025 06:00:29 -0700



Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox


The comment about memory being altered in the article and your comment also make me think that you could easily find this exploit by dumping and examining the memory contents. Excuse me if I am wrong, but would not an alteration of virtual or physical memory show up if you dumped and examined the memory on a system you suspect of being cracked in this manner? The attack vector seems to suggest that if this is not patched very quickly by Google it could potentially allow drive-by-download attacks on Linux.

Thanks,

Michael Lazin

.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.


On Wed, Aug 13, 2025 at 8:40 AM jeffv via plug <plug@lists.phillylinux.org> wrote:
Critical Linux Kernel Bug Grants Attackers Full Kernel-Level Control
from Chrome Sandbox

https://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-bug-grants-attackers-full-kernel-level-control

Here’s where things go sideways. Horn’s write-up breaks it down, but the
takeaway is this: there's a use-after-free (UAF) condition.
Specifically, when the kernel processes out-of-band messages, it uses a
data structure (oob_skb) to hold a reference to the socket buffer
storing said message. The problem occurs when you start manipulating
these buffers. Carefully crafted sequences of send() and recv() calls,
which are normally valid, can force the kernel to reuse memory that was
never properly cleaned up.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
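The quoted article describes the bug in terms of out-of-band messages on Unix stream sockets: the kernel keeps the urgent byte in its own socket buffer, tracked by oob_skb, and ordinary sequences of send() and recv() calls drive the code that manages it. The program below is an added example for this thread, not code from the article, from Horn's write-up, or from the kernel, and it does not trigger the bug (the page gives no trigger sequence, and none is reconstructed here). It simply exercises the unprivileged API surface the vulnerable code sits behind: sending "ab", one MSG_OOB byte, then "cd" over an AF_UNIX socketpair, and reading the urgent byte back ahead of the inline stream. It assumes Linux 5.15 or later, where AF_UNIX gained MSG_OOB support; on a kernel without it, send(MSG_OOB) fails with EOPNOTSUPP and the function reports that instead of failing. The function names and return codes are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Return codes of oob_roundtrip() (names chosen for this example). */
enum { OOB_OK = 0, OOB_UNSUPPORTED = 1, OOB_ERROR = -1 };

/* Number of inline (non-urgent) bytes the sender side of the example writes. */
enum { INLINE_LEN = 4 };

/*
 * Send "ab", then one out-of-band byte 'X' with MSG_OOB, then "cd" over a
 * stream AF_UNIX socketpair, and read it back the way a receiver would:
 * the urgent byte first via recv(MSG_OOB), then the inline stream.
 * The kernel stores the OOB byte in a separate skb (the oob_skb the
 * article refers to), so a normal read never returns it and the inline
 * stream comes back as exactly "abcd".
 * *urgent receives the OOB byte; inline_out (cap > INLINE_LEN bytes)
 * receives the NUL-terminated inline data.
 */
int oob_roundtrip(char *urgent, char *inline_out, size_t cap)
{
    int sv[2];
    int ret = OOB_ERROR;
    size_t pos = 0;
    /* Bound every blocking read so the example cannot hang on a misbehaving kernel. */
    struct timeval tv = { .tv_sec = 2, .tv_usec = 0 };

    if (cap <= INLINE_LEN || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return OOB_ERROR;
    setsockopt(sv[1], SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    if (send(sv[0], "ab", 2, 0) != 2)
        goto out;
    if (send(sv[0], "X", 1, MSG_OOB) != 1) {
        /* Kernels before 5.15 (no CONFIG_AF_UNIX_OOB) reject MSG_OOB on AF_UNIX. */
        if (errno == EOPNOTSUPP || errno == EINVAL)
            ret = OOB_UNSUPPORTED;
        goto out;
    }
    if (send(sv[0], "cd", 2, 0) != 2)
        goto out;

    /* Urgent data is fetched out of order, ahead of the "ab" already queued. */
    if (recv(sv[1], urgent, 1, MSG_OOB) != 1)
        goto out;

    /* Inline reads: the consumed OOB skb is skipped, so only "ab" and "cd" arrive. */
    while (pos < INLINE_LEN) {
        ssize_t n = recv(sv[1], inline_out + pos, INLINE_LEN - pos, 0);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break;                      /* timeout, error or unexpected EOF */
        pos += (size_t)n;
    }
    inline_out[pos] = '\0';
    ret = (pos == INLINE_LEN) ? OOB_OK : OOB_ERROR;

out:
    close(sv[0]);
    close(sv[1]);
    return ret;
}

/* OOB_OK only if the urgent byte and the inline stream are what was sent. */
int oob_roundtrip_check(void)
{
    char urgent = 0, inline_data[INLINE_LEN + 1];
    int r = oob_roundtrip(&urgent, inline_data, sizeof inline_data);
    if (r != OOB_OK)
        return r;
    return (urgent == 'X' && strcmp(inline_data, "abcd") == 0) ? OOB_OK : OOB_ERROR;
}

int main(void)
{
    char urgent = 0, inline_data[INLINE_LEN + 1];
    int r = oob_roundtrip(&urgent, inline_data, sizeof inline_data);
    if (r == OOB_UNSUPPORTED)
        puts("this kernel has no AF_UNIX MSG_OOB support");
    else if (r == OOB_ERROR)
        perror("oob_roundtrip");
    else
        printf("urgent=%c inline=\"%s\"\n", urgent, inline_data);
    return r == OOB_OK ? 0 : 1;
}
```

Everything here is plain socket API available to any unprivileged process, which is the point the article makes: the kernel state the bug lives in is reached through calls that are individually valid, so nothing about the caller's privilege level or a sandbox policy that still permits socket I/O stands in the way. Compile with cc -o oob oob.c and run it as an ordinary user.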