PoC Exploit Released for Linux Kernel Privilege Escalation (CVE-2022-23222)
Tr3ee, a security researcher, has released proof-of-concept (PoC) exploit code for a Linux Kernel eBPF local privilege escalation (CVE-2022-23222) vulnerability that the Linux kernel patched in January this year. This flaw has a CVSS score of 7.8 and affected Linux kernel 5.8 or later. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Because the adjust_ptr_min_max_vals function in kernel/bpf/verifier.c fails to properly validate user-supplied eBPF programs before they are executed, ordinary users can exploit this vulnerability to obtain root privileges. It has a high impact and is easy for local attackers to exploit.
“The bpf verifier (kernel/bpf/verifier.c) did not properly restrict several *_OR_NULL pointer types which allows these types to do pointer arithmetic. This can be leveraged to bypass the verifier check and escalate privilege,” read the openwall website. In this flaw, a missing sanity check for *_OR_NULL pointer types that perform pointer arithmetic may cause a kernel information leak issue.
We encourage users and administrators to review CVE-2022-23222 and apply the mitigation: set kernel.unprivileged_bpf_disabled to 1.
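The following script is an added example, not part of the original article, for auditing whether the recommended kernel.unprivileged_bpf_disabled mitigation is in place and for applying it persistently. The sysctl path and the meaning of its values follow the kernel's documentation; the drop-in file name under /etc/sysctl.d/ is an assumed, arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the article): audit and apply the
# kernel.unprivileged_bpf_disabled mitigation for CVE-2022-23222.
# Value meaning per the kernel sysctl documentation:
#   0 = unprivileged users may call bpf()            -> exposed to this bug
#   1 = unprivileged bpf() disabled, locked until reboot (the recommended setting)
#   2 = unprivileged bpf() disabled, but root may set it back to 0 (newer kernels)

SYSCTL_FILE=/proc/sys/kernel/unprivileged_bpf_disabled

# Classify a raw sysctl value. Takes the value as an argument so the logic
# can be exercised without touching the running kernel.
classify_unprivileged_bpf() {
    case "$1" in
        0) echo "VULNERABLE: unprivileged eBPF is enabled" ;;
        1) echo "MITIGATED: unprivileged eBPF disabled (locked until reboot)" ;;
        2) echo "MITIGATED: unprivileged eBPF disabled (root can re-enable)" ;;
        *) echo "UNKNOWN: unexpected value '$1'" ;;
    esac
}

# Exit status 0 when the value represents an applied mitigation, 1 otherwise.
is_mitigated() {
    case "$1" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read the live value; "missing" means this kernel does not expose the knob.
read_live_value() {
    if [ -r "$SYSCTL_FILE" ]; then cat "$SYSCTL_FILE"; else echo "missing"; fi
}

# Apply the article's mitigation now and persist it across reboots.
# Requires root. The /etc/sysctl.d/ file name is an assumed choice.
apply_mitigation() {
    sysctl -w kernel.unprivileged_bpf_disabled=1 &&
    printf 'kernel.unprivileged_bpf_disabled = 1\n' > /etc/sysctl.d/99-bpf-hardening.conf
}

main() {
    value=$(read_live_value)
    classify_unprivileged_bpf "$value"
    if is_mitigated "$value"; then
        echo "No action needed."
    else
        echo "ACTION: run apply_mitigation as root."
    fi
}

main
```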