Cybersecurity researchers have recently uncovered a new Linux kernel exploitation technique known as SLUBStick. This technique exploits an allocator timing side channel to carry out a cross-cache attack with a success rate exceeding 99% for commonly used general-purpose caches [3].

Description

Demonstrated on Linux kernel versions 5.19 and 6.2 [1] [3], SLUBStick leverages nine security vulnerabilities to achieve privilege escalation to root without authentication and to escape container environments. By manipulating kernel data and obtaining an arbitrary memory read-and-write primitive [1] [3], SLUBStick can bypass defenses like kernel address space layout randomization (KASLR). This attack technique assumes the presence of a heap vulnerability in the Linux kernel and code execution capabilities for an unprivileged user. Additionally, SLUBStick can bypass security protections such as SMEP [2], SMAP [2], and KASLR [2] [3], posing a significant threat to the Linux kernel’s memory safety [2]. By utilizing memory reuse in the Linux kernel allocator and exploiting a side channel to observe memory usage, SLUBStick can determine the optimal time to reallocate a memory hash [2], potentially leading to elevated privileges, breaking out of sandbox environments in virtual machines [2], and gaining root access to the host system [2].

Conclusion

The SLUBStick technique poses a serious threat to the security of the Linux kernel, as it can bypass various security protections and gain root access to the host system. Mitigating this threat will require patching the identified security vulnerabilities and implementing additional security measures to prevent similar attacks in the future. The discovery of SLUBStick highlights the importance of ongoing research and development in cybersecurity to stay ahead of evolving threats.

References

[1] https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html
[2] https://www.yahoo.com/news/linux-kernel-attack-slips-past-161519442.html
[3] https://www.ruetir.com/2024/08/07/slubstick-new-linux-kernel-exploitation-technique/