Navigation
Recherche
|
Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$
jeudi 15 juillet 2021, 14:46 , par LWN.net
For those who appreciate detailed descriptions of how to exploit a kernel
vulnerability, this report on a netfilter bug by Andy Nguyen should certainly satisfy. CVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Google will match and double the donation to 20000$).
https://lwn.net/Articles/862955/rss
|
56 sources (32 en français)
Date Actuelle
sam. 4 mai - 11:12 CEST
|