User-Mode Linux (UML) Kernel Address Space Protection Vulnerability

vendor:

User-Mode Linux (UML)

by:

SecurityFocus

7.2

CVSS

HIGH

Kernel Address Space Protection Vulnerability

119

CWE

Product Name: User-Mode Linux (UML)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2002

User-Mode Linux (UML) Kernel Address Space Protection Vulnerability

UML does not correctly protect kernel address space from user programs within the UML environment. It may be possible to execute arbitrary code within the kernel and gain root access. Additionally, it may be possible to use this vulnerability to escape the UML environment, leading to local access on the hosting system.

Mitigation:

Memory protection may be partially implemented at this time.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3973/info

User-Mode Linux (UML) is a patch which allows the Linux Kernel to run as a user space process. It is currently available for the Linux operating system. It may be used as an efficient tool for kernel development, as well as for virtual networking, honeypots, and experimentation.

UML does not correctly protect kernel address space from user programs within the UML environment. It may be possible to execute arbitrary code within the kernel and gain root access. Additionally, it may be possible to use this vulnerability to escape the UML environment, leading to local access on the hosting system.

This is a known problem with the current UML implementation. Memory protection may be partially implemented at this time.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21248.tgz