This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
2c972042e97ba752bad7ba25468c594d74162a227ca514649eb33c75bf60c5e6Red Hat Security Advisory 2017-0387-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: Linux kernel built with the Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.
d61e4a6a0cda3ead6a381937c87a218e78b571abab76a989734954dcaa7056e7Red Hat Security Advisory 2017-0386-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: Linux kernel built with the Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.
476a8bf0397fcb73d59efcb4da6e383b69f0df7fdf6f5c4349d6a3a0a5ca5314Red Hat Security Advisory 2017-0402-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
2988677ecc136b818b33b244f8544e8267b29269293bd4fa6f8d99a4ee0aebd5Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix a security issue.
05dfa706feac0e6e76ce7a15e9e48ca77c2ff775993a3f8c287b81e7154d0b64Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
d8c13d40032210a719f70376fb50f745ce27eca4d0eb24c5096aaa2ba0e42b44Linux AF_PACKET race condition exploit for Ubuntu 16.04 x86_64.
aa24077d1248b5baa880a452de7a35948ed45d8751c16500d808952b8c992c0dUbuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
366ea99803b45007b28975fba950ee825bcae8c517bc90500e532dac943f504eUbuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
01114ec8168ca06ef876602f632596b5ac0058fb4b42a72b0b74d82c64e9f60dUbuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.
9731ac046103f9c340d873b560f2afaaa0ca3c84506deef542342b131629c0e3Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
47b1b3821d04bf4ee88ff830c4355b2043041b0a774d187a6a18134e753cad2fUbuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
6a40f0ee04b23e2fabfc56131ab430587cf990f38c7a6483b09550b5949ad6eeUbuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
d2fab5298c22b5a5a949676daea4e21714110552ff25f80853e30f529249f2bfUbuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
e27b7f3da4c744e96fa266bd5562b86cb4562b856349a55c52cd669f78d9bafbUbuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
9db0f9cd682d4172f274216dae7fda69a6d76e1c289494ea22b16c4e3962bfd5Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
2fc1600c5a1b891c887eccc1ab9690b55958aad6e3ae9df58df425149b8c8df8Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.
cac405c82a1b4cf4918d416971f4626ddaf020310ddbee3aac884eb9ea77af02
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed