Researchers Disclose New Linux Kernel Exploitation Technique ‘SLUBStick’
Security researchers have shed light on a new Linux kernel exploitation technique, dubbed SLUBStick, that can be used to upgrade a limited heap vulnerability into an arbitrary memory read-and-write primitive.
“At the beginning, it uses a timing side-channel of the allocator to execute a cross-cache attack with certainty,” a group of researchers from the Graz University of Technology said [PDF]. “Specifically, leveraging the side-channel breach boosts the success rate to over 99% for frequently employed generic caches.”
Memory-safety vulnerabilities in the Linux kernel offer only limited capabilities and are significantly harder to exploit because of protection mechanisms such as Supervisor Mode Access Prevention (SMAP), kernel address space layout randomization (KASLR), and kernel control-flow integrity (kCFI).
Although software cross-cache attacks were developed as a way to counter kernel hardening strategies such as coarse-grained heap separation, research has shown that existing techniques achieve a success rate of only about 40%.
SLUBStick has been demonstrated on Linux kernel versions 5.19 and 6.2 using nine security flaws (e.g., double free, use-after-free, and out-of-bounds write) discovered between 2021 and 2023, leading to privilege escalation to root without authentication and to container escape.
The core idea behind the technique is to gain the ability to modify kernel data and obtain an arbitrary memory read-and-write primitive that reliably bypasses existing defenses such as KASLR.
However, for the approach to work, the threat model requires a heap vulnerability in the Linux kernel and an unprivileged user with code-execution capability on the system.
“SLUBStick exploits more recent systems, including v5.19 and v6.2, for a wide range of heap flaws,” as stated by the researchers.