Researchers Uncover New Linux Kernel Exploit ‘SLUBStick’

Tech Read Team





Aug 07, 2024
Ravie Lakshmanan

Linux / Vulnerability

Cybersecurity experts have uncovered a new Linux kernel exploitation method known as SLUBStick. This technique can be used to escalate a limited heap vulnerability to an arbitrary memory read-and-write primitive.

A group of researchers from Graz University of Technology detailed in a paper (PDF) that the exploit leverages a timing side-channel of the allocator to carry out a cross-cache attack with over a 99% success rate on frequently used generic caches.

Exploiting memory safety vulnerabilities in the Linux kernel is made more difficult by security features such as Supervisor Mode Access Prevention (SMAP), Kernel Address Space Layout Randomization (KASLR), and Kernel Control Flow Integrity (kCFI).

The SLUBStick technique has demonstrated successful exploitation on Linux kernel versions 5.19 and 6.2 by leveraging security flaws discovered between 2021 and 2023, resulting in privilege escalation to root access and container escapes.

Unlike existing methods with a 40% success rate, SLUBStick offers a reliable way to modify kernel data and gain an arbitrary memory read-and-write primitive that can bypass defenses like KASLR.

However, the technique has two prerequisites: a heap vulnerability must be present in the Linux kernel, and the attacker must be able to execute code as an unprivileged user.

The researchers mentioned, “SLUBStick exploits newer systems, including v5.19 and v6.2, for various heap vulnerabilities.”


