A double free vulnerability was found in io_uring, affecting the Linux kernel 5.10. Nicolas Wu and Ye Zhang were able to exploit this flaw with Dirty Pagetable to bypass all the mitigation techniques deployed on the latest Google Pixel 7 and achieve local privilege escalation.

References:
https://source.android.com/docs/security/bulletin/pixel/2023-07-01
https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html
https://www.openwall.com/lists/oss-security/2023/07/14/2
Hi, any reproducer or test steps here, and how to verify the bug in RHEL?
Hi,

> Any reproducer or test steps here, and how to verify the bug in RHEL?

No reproducer is available and vulnerability details are not yet public (see references in comment 0).
The "Dirty Pagetable" article has been updated with exploit information.

As for the fix, see https://www.openwall.com/lists/oss-security/2023/07/25/9.

Upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=fb348857e7b67eefe365052f1423427b66dedbf3