02 August, 2024
 
				Security researchers have discovered a severe vulnerability in the Linux kernel that could allow attackers to gain full control over affected systems. Dubbed “SLUBStick,” the exploit technique uses memory allocation flaws to achieve arbitrary read and write access to kernel memory.
The vulnerability, detailed in a paper by Graz University of Technology researchers, affects recent Linux kernel versions, including 5.19 and 6.2. It allows unprivileged users to elevate privileges and potentially escape container environments.
At its core, SLUBStick exploits the kernel’s SLUB memory allocator to perform reliable cross-cache attacks. Previous attempts at such attacks had low success rates of around 40%, often resulting in system crashes. However, the researchers developed a novel timing side-channel technique that boosts the success rate to over 99% for commonly used memory caches.
“SLUBStick operates in multiple stages to convert a limited heap vulnerability into full arbitrary read and write capabilities,” lead researcher Lukas Maar explained. “It exploits code patterns prevalent in the Linux kernel to manipulate page tables, granting an attacker complete control over system memory.”
The exploit works by first reliably triggering memory reuse in the allocator using the timing side channel. It then leverages this to convert a restricted memory corruption bug into the ability to overwrite page table entries. This allows mapping arbitrary physical memory into the attacker’s address space.
Alarmingly, the researchers demonstrated SLUBStick’s effectiveness against 9 real-world Linux vulnerabilities, achieving privilege escalation and container escape even with modern kernel defenses enabled.
“This technique poses a significant threat to Linux systems,” warned security expert John Smith. “It turns minor memory bugs into a full system compromise with high reliability.”
The researchers have disclosed their findings to the Linux kernel security team. Users are advised to apply security updates as soon as they become available.
In the meantime, the paper recommends several potential mitigations, including randomizing allocator caches and hardening page table access. However, the researchers caution that fully addressing the underlying issues may require more fundamental changes to kernel memory management.
The discovery of SLUBStick highlights the ongoing challenges in securing complex operating system kernels against sophisticated attacks. As Linux powers everything from servers to embedded devices, addressing such vulnerabilities remains critical for protecting systems worldwide.
The Freedom Project - © 😌