News New Linux kernel attack slips past modern defenses — SLUBStick boasts a 99% success rate

Status
Not open for further replies.
The article said:
The attack also requires the presence of a heap vulnerability in the Linux kernel, which has been found in both the 5.19 Linux kernel and the 6.2 kernel.
This makes it sound like the attack relies on the presence of a bug in those two kernel versions. If it were a design flaw, then it should affect a broader range of revisions.

FWIW, 6.11 is the current kernel version nearing release. 6.6 is the latest LTS (Long-Term Support) kernel, I think. 6.1 is the latest SLTS (Super Long-Term Support) kernel. Good thing neither of those seems to be affected.
 
At this point in time with all the automated testing, and with all the memory management tools available, any memory mismanagement issues are almost invariably intentional back doors. And why bother with the kernel anyway when any shell with an input prompt will get you root? Computer Security is more like the front door on your house. It's only there to stop the good guys.
 
"For SLUBStick to work, attackers need local access to the attacked Linux system."

Once someone has local access, you have lost regardless of this bug. At least it's not a remote access problem, and will likely be patched soon.
 
"For SLUBStick to work, attackers need local access to the attacked Linux system."

Once someone has local access, you have lost regardless of this bug. At least it's not a remote access problem, and will likely be patched soon.
First, if they're saying physical access, that's wrong. The vulnerability sounds like all it requires is the ability to get some code executed on the victim machine. Probably native code, at that - I doubt JavaScript or web assembler would be adequate.

Second, I don't know if that changes your statement, but privilege-escalation vulnerabilities are serious and taken seriously. It's not considered a foregone conclusion that unprivileged users or services can gain root on a machine.
 
This makes it sound like the attack relies on the presence of a bug in those two kernel versions. If it were a design flaw, then it should affect a broader range of revisions.

FWIW, 6.11 is the current kernel version nearing release. 6.6 is the latest LTS (Long-Term Support) kernel, I think. 6.1 is the latest SLTS (Super Long-Term Support) kernel. Good thing neither of those seems to be affected.
Maybe the article is not clear enough, but I understood that the researchers tested these two kernel versions, instead of stating that only these two are affected.
 
Maybe the article is not clear enough, but I understood that the researchers tested these two kernel versions, instead of stating that only these two are affected.
You might be right. The article is pretty clear about indicating two affected kernel versions, but the original paper and other reporting I can find on it sound a little more consistent with your interpretation.

Upon a closer read of the paper, it's not a new vulnerability, but rather a way to exploit allocator-based vulnerabilities to greater effect. From the abstract:

"In this paper, we present SLUBStick, a novel kernel exploitation technique elevating a limited heap vulnerability to an arbitrary memory read-and-write primitive."

I find it kinda funny that the paper talks about porting known vulnerabilities to the two kernels they used for testing. This underscores the fact that it's not a new vulnerability, but rather a technique for more effectively exploiting that class of vulnerabilities (including those we don't yet know about).
 