Navigation
Search
|
Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$
Thursday July 15, 2021. 02:46 PM , from LWN.net
For those who appreciate detailed descriptions of how to exploit a kernel
vulnerability, this report on a netfilter bug by Andy Nguyen should certainly satisfy. CVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Google will match and double the donation to 20000$).
https://lwn.net/Articles/862955/rss
|
25 sources
Current Date
Apr, Wed 24 - 23:31 CEST
|