Immunity, Inc.
Name: linux_xt_compat_oob_write
CVE: CVE-2021-22555
Exploit Pack: CANVAS
Description: linux_xt_compat_oob_write
Notes: CVE Name: CVE-2021-22555
VENDOR: Linux
NOTES: "The Netfilter out-of-bounds write also known as CVE-2021-22555 is a 15 year old out-of-bounds
write vulnerability in Linux Netfilter that can bypass all modern mitigations and achieve
kernel code execution resulting in root access." - @theflow0

The vulnerability occurs in xt_compat_target_from_user() in x_tables.c, where memset() is
called with a user-controlled target->targetsize that was not accounted for during allocation,
leading to a few bytes being written out of bounds. The vulnerability can be triggered from
userland through setsockopt() with an optname of IPT_SO_SET_REPLACE.

Due to the nature of this vulnerability, it's best to run the module a maximum of 3 times per host.
Failure could result in a kernel panic.

This exploit was tested on:
- Ubuntu Bionic 18.04.1 LTS (4.15.0-29-generic)
- Ubuntu Focal 20.04.4 LTS (5.8.0-48-generic)

Currently supports:
- 4.15.0-29-generic
- 5.8.0-48-generic

Versions Affected: Linux since v2.6.19-rc1
Repeatability: Single
References:
- https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html#achieving-use-after-free

CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2021-22555
Date public: 07/07/2021
CVSS: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
