This Metasploit module exploits a race condition and use-after-free in the packet_set_ring function in net/packet/af_packet.c (AF_PACKET) in the Linux kernel to execute code as root (CVE-2016-8655). The bug was initially introduced in 2011 and patched in 2016 in version 4.4.0-53.74, potentially affecting a large number of kernels; however, this exploit targets only systems using Ubuntu (Trusty / Xenial) kernels 4.4.0 < 4.4.0-53, including Linux distros based on Ubuntu, such as Linux Mint. The target system must have unprivileged user namespaces enabled and two or more CPU cores. Bypasses for SMEP, SMAP and KASLR are included. Failed exploitation may crash the kernel. This Metasploit module has been tested successfully on Linux Mint 17.3 (x86_64); Linux Mint 18 (x86_64); and Ubuntu 16.04.2 (x86_64) with kernel versions 4.4.0-45-generic and 4.4.0-51-generic.
Red Hat Security Advisory 2017-0387-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: The Linux kernel built with Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on the x86 platform when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel, resulting in a denial of service (DoS).
Red Hat Security Advisory 2017-0386-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: The Linux kernel built with Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on the x86 platform when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel, resulting in a denial of service (DoS).
Red Hat Security Advisory 2017-0402-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.
Slackware Security Advisory - New kernel packages are available for Slackware 14.2 and -current to fix a security issue.
Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges. Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). Marco Grassi discovered that a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
Linux AF_PACKET race condition exploit for Ubuntu 16.04 x86_64.
Ubuntu Security Notice 3151-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3150-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3149-2 - USN-3149-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.
Ubuntu Security Notice 3149-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3152-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3151-4 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3150-2 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3151-3 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3152-1 - Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges.
Ubuntu Security Notice 3151-2 - USN-3151-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Philip Pettersson discovered a race condition in the af_packet implementation in the Linux kernel. A local unprivileged attacker could use this to cause a denial of service or run arbitrary code with administrative privileges. Various other issues were also addressed.