For those who appreciate detailed descriptions of how to exploit a kernel vulnerability, this report on a netfilter bug by Andy Nguyen should certainly satisfy.

cross-posted from: https://lemmy.ml/post/74273

For those who appreciate detailed descriptions of how to exploit a kernel vulnerability, this report on a netfilter bug by Andy Nguyen should certainly satisfy.

CVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Google will match and double the donation to 20000$).

(Not posting the original directly because I liked this introduction text)