In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but due to variable instruction length cannot determine if this is an instruction as seen by the intended execution stream. Additionally, Mark Rutland notes that on architectures that mix data in the text segment (like arm64), a similar things can be done if the data word is 'mistaken' for an instruction. As such, require CAP_SYS_ADMIN for uprobes.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: perf: Revertir al requisito de CAP_SYS_ADMIN para uprobes. Jann informa que los uprobes pueden usarse de forma destructiva cuando se usan en medio de una instrucción. El kernel solo verifica que haya una instrucción válida en el desplazamiento solicitado, pero debido a la longitud variable de la instrucción, no puede determinar si se trata de una instrucción como la detecta el flujo de ejecución previsto. Además, Mark Rutland señala que en arquitecturas que mezclan datos en el segmento de texto (como arm64), se puede realizar una acción similar si la palabra de datos se confunde con una instrucción. Por lo tanto, se requiere CAP_SYS_ADMIN para uprobes.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | LOCAL |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | LOW |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bde79f7c0> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc3c4d80> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702ba6eda040> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc3c7600> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc3c5800> | Operating System |
| linux | linux_kernel | * | <built-in method update of dict object at 0x702bfc3c4b00> | Operating System |
| linux | linux_kernel | 6.16 | <built-in method update of dict object at 0x702bfc3c7d40> | Operating System |
| linux | linux_kernel | 6.16 | <built-in method update of dict object at 0x702bfc3c48c0> | Operating System |
| linux | linux_kernel | 6.16 | <built-in method update of dict object at 0x702bfc3c6f80> | Operating System |
| linux | linux_kernel | 6.16 | <built-in method update of dict object at 0x702bfc3c5240> | Operating System |
| debian | debian_linux | 11.0 | <built-in method update of dict object at 0x702bdc6d79c0> | Operating System |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.16:rc2:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.16:rc3:*:*:*:*:*:* |
| Yes | cpe:2.3:o:linux:linux_kernel:6.16:rc4:*:*:*:*:*:* |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |