vendor:
Linux Kernel
by:
Daniel McNeil
7.5
CVSS
HIGH
AIO Direct Read Local Privilege Escalation
264
CWE
Product Name: Linux Kernel
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE not mentioned
CPE: o:linux:linux_kernel
Metasploit:
https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2022-23499/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2022-3643/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2022-3643/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2022-3643/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2022-3643/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2022-3643/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-3172/, https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2021-20325/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2021-20325/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2021-20325/, https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2021-20325/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2021-37698/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2021-37698/, https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp2-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/redhat-openshift-cve-2020-25686/, https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp3-cve-2020-25686/, https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=2, https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=3, https://www.rapid7.com/db/?q=CVE+not+mentioned&type=&page=2
Platforms Tested: Linux
2005
Proof of Concept by Daniel McNeil
This proof of concept code demonstrates a vulnerability in the AIO (Asynchronous Input/Output) functionality in Linux. It allows a local attacker to escalate their privileges by reading arbitrary files with the permissions of the targeted process. The vulnerability exists due to improper handling of IOCBs (I/O Control Blocks) in the do_aio_direct_read() function. By exploiting this vulnerability, an attacker can bypass file permissions and read sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by the Linux distribution. Additionally, ensure that file permissions are properly configured to restrict access to sensitive files.