Lion Ackermann

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, which allowed for the replacement of a child qdisc from one parent to another. This issue was discovered by Lion Ackermann, who was able to create a Use-After-Free (UAF) condition that could be abused for privilege escalation. The vulnerability is related to the `tc qdisc replace` command, which can lead to a situation where a qdisc is replaced with another one, causing a UAF condition. The patch takes a preventive approach by disallowing such configuration. Technical details about exploitation include: - **API Endpoints:** `/dev/lo` is used as the device for the `tc qdisc` and `tc class` commands. - **Vulnerable Parameters or Variables:** `handle`, `parent`, `classid`, and `priority` are used in the `tc qdisc` and `tc class` commands. - **Function Names:** `tc qdisc add`, `tc qdisc replace`, `tc class add`, and `tc class delete` are used to manipulate the qdisc and class configurations. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A race condition exists between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup, leading to use after free. This issue can be exploited to potentially elevate privileges in the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.