Introduction:

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

Vulnerability Release Time:

• 2022-03-14 11:43 UTC

Vulnerability Impact & Type

• Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS).

• Privilege Escalation

Affected Products:

• This vulnerability exist in all Linux versions up to 5.17 RC1 till RC7

Fixed Versions

• Kernel 5.17 RC8 and above

Severity:

The software writes data past the end, or before the beginning, of the intended buffer. This typically occurs when the pointer or its index is incremented or decremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in corruption of sensitive information, a crash, or code execution among other things.

CVSS v3.1:

• Base Score: 7.2 (High)

• CWD ID: 787

• Vulnerability type: Low

• Gained Access: None

• Authentication: None

• Confidentiality Impact: Complete

• Integrity Impact: Complete

• Availability Impact: Complete

• Access Complexity: Low

Mitigation:

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability

Technical Analysis / Exploits:

1. Login to my linux machine as a normal user and shown the linux version I’m using.

2. Now let’s download exploit data in our local machine. Use below command to successfully download exploit data from github repository:

git clone https://github.com/Bonfee/CVE-2022-0995.git

3. After cloning the repository, change current directory to downloaded

repository directory using below command:

cd CVE-2022-0995

After the script completes its execution, you will successfully get the root user shell.

./exploit

4. After the script completes its execution, you will successfully get the root user shell.

5. Now, use below command to get bash shell of root user:

/bin/bash/

Now you are at root user bash shell and you can do everything as a root user.

Reference:

● https://github.com/Bonfee/CVE-2022-0995
● https://nvd.nist.gov/vuln/detail/CVE-2022-0995
● https://access.redhat.com/security/cve/cve-2022-0995

#CVE–2022-0995 #Linux #kernel #Out-of-Bound(OOB)

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s