| George A. Theall via plug on 13 Aug 2025 12:47:00 -0700 |
| Re: [PLUG] Full Kernel-Level Control from Chrome Sandbox |
On Wed, Aug 13, 2025 at 09:07:00AM -0400, Walt Mankowski via plug wrote:
> On Wed, Aug 13, 2025 at 01:02:11PM +0000, Rich Freeman via plug wrote:
> > On 8/13/2025 8:39 AM, jeffv via plug wrote:
> > > Critical Linux Kernel Bug Grants Attackers Full Kernel-Level Control
> > > from Chrome Sandbox
> > >
> > > https://linuxsecurity.com/news/security-vulnerabilities/linux-kernel-bug-grants-attackers-full-kernel-level-control
> > >
> > > Here's where things go sideways. Horn's write-up breaks it down, but the
> > > takeaway is this: there's a use-after-free (UAF) condition.
> >
> > From the article:
> >
> > > *Patch, Patch, Patch:* The fix is already upstream. As of kernel version
> > > 6.9.8 <https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9.8>, the
> > > memory management bug in MSG_OOB has been patched.
> >
> > That's ancient. 6.9 isn't even a maintained kernel version. There is
> > already a 6.12 longterm. This was fixed more than a year ago.
> >
> > This is interesting of course, but unless you have some embedded system
> > without any updates you'd have to be incredibly lax to have a year-old
> > kernel.
>
> Interesting. That article made it seem like it had been introduced in
> 6.9 and was exploitable in all the kernels after that.
>
> Walt

The CVE references https://project-zero.issues.chromium.org/issues/423023990, which says:

"Fixed in these stable releases on 2025-07-06 (note that 6.12 and 6.15 are the only stable kernels where this actually has security impact):
6.1.143
6.6.96
6.12.36
6.15.5"

George
--
theall@tifaware.com
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug