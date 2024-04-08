On X, Lau (@notselwyn) (https://twitter.com/notselwyn/) released a blogpost on 26 March at https://pwning.tech/nftables/ describing an elaborate attack on the Linux kernel that allows privilege escalation by exploiting a vulnerability in nf_tables. The POC, published on Github, starting with a double free() leads the kernel to execute arbitrary code with root privileges.

[...]

The kernel is the first layer of software that ’embraces’ and protects the hardware. In modern operating systems, one of its most important tasks is to keep processes in separate and protected ‘islands’. In some cases, a process needs access to ‘privileged’ resources, in which case it can politely ask the kernel to execute the request with its ‘superpowers’ and then respond to the calling process with the result, without the need to run the entire process with elevated privileges.