Alexander Popov
Joined 28 May 2013
My name is Alexander Popov, and this is my personal blog about OS kernel development and security: a13xp0p0v.github.io/
Improving the exploit for CVE-2021-26708 in the Linux kernel to bypass LKRG
CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. These vulnerabilities were discovered and fixed by Alexander Popov. Earlier, he demonstrated how to exploit them for local privilege escalation on Fedora 33 Server for x86_64. And in this talk, Alexander will describe how he improved this exploit to bypass the Linux Kernel Runtime Guard (LKRG).
Talk at ZeroNights 2021 (25.08.2021).
Link to the article: a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html
Views: 36
Videos
The Power of Four Bytes: Exploiting the CVE-2021-26708 Vulnerability in the Linux Kernel
507 views, several months ago
In January 2021, Alexander Popov discovered and fixed five vulnerabilities in the virtual socket implementation of the Linux kernel. These vulnerabilities were assigned the identifier CVE-2021-26708. The speaker will describe in detail the exploitation of one of them for local privilege escalation on Fedora 33 Server for the x86_64 platform. The researcher will demonstrate how a small memory access error can be used to obtain...
A Kernel Hacker Meets Fuchsia OS. PoC Exploit Demo: Rootkit Planting
3.1K views, 2 years ago
Fuchsia is a general-purpose open-source operating system created by Google. It is based on the Zircon microkernel written in C and is currently under active development. The developers say that Fuchsia is designed with a focus on security, updatability, and performance. As a Linux kernel hacker, I decided to take a look at Fuchsia OS and assess it from an attacker's point of view. This is the ...
LKRG Bypass Demo with the Improved PoC Exploit for CVE-2021-26708 in the Linux Kernel
835 views, 3 years ago
I improved my PoC exploit for CVE-2021-26708, added a full-power ROP chain, and implemented a new method of bypassing the Linux Kernel Runtime Guard (LKRG). See the details in the article: a13xp0p0v.github.io/2021/08/25/lkrg-bypass.html
Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux Kernel
1.8K views, 3 years ago
My talk at Zer0Con 2021. Abstract: CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. These vulnerabilities were discovered and fixed by Alexander Popov. In this talk, he will describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP. Alexander will demonstrate an artful way o...
CVE-2021-26708: Local Privilege Escalation Demo (SMAP and SMEP Bypass)
2.7K views, 3 years ago
CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. These vulnerabilities were discovered and fixed by Alexander Popov. This PoC exploit for x86_64 gains local privilege escalation on Fedora 33 Server, bypassing KASLR, SMEP, and SMAP. See the details in the article: a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html
CVE-2019-18683: Local Privilege Escalation Demo (SMAP and SMEP Bypass)
4.6K views, 4 years ago
CVE-2019-18683 refers to multiple 5-year-old race conditions in the V4L2 subsystem of the Linux kernel, which I fixed at the end of 2019. This PoC exploit for x86_64 gains local privilege escalation from the kernel thread context (where the userspace is not mapped) bypassing KASLR, SMEP, and SMAP on Ubuntu Server 18.04.
CVE-2017-2636: Local Privilege Escalation Demo (SMEP Bypass)
4.5K views, 7 years ago
CVE-2017-2636 is a race condition in the n_hdlc Linux kernel driver (drivers/tty/n_hdlc.c). The proof-of-concept exploit gains root privileges bypassing Supervisor Mode Execution Protection (SMEP). See the write-up: a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
Great talk, Alexander! Respect!
Is it exploitable on single-CPU machines?
master!
PoC?
@Alexander Popov the exploit, please!
I can not find the exploit source code on your site