Hacker Exploit Use-After-Free Vulnerability In Linux Kernel

The Linux Kernel vulnerability, if successfully deployed, could allow malicious actors to escalate their privileges locally within affected systems.

by Ashish Khaitan June 25, 2024

Share on LinkedInShare on Twitter

A security threat has surfaced on dark web forums: a zero-day exploit targeting a use-after-free (UAF) vulnerability in the Linux Kernel, specifically version 6.6.15-amd64. This use-after-free vulnerability, advertised for sale by an actor known as Cas, promises capabilities that include privileged code execution and potential access to sensitive data.

According to the post, which has garnered attention from cybersecurity communities, the Linux Kernel vulnerability exploit is being offered for $150,000 in either Monero or Bitcoin. The threat actor Cas has specified that interested buyers must demonstrate proof of sufficient funds before any transaction can proceed, highlighting the illicit nature and high stakes of such transactions.

Use-After-Free Vulnerability Targets Linux Kernel

Source: Dark Web

The Linux Kernel vulnerability, if successfully deployed, could allow malicious actors to escalate their privileges locally within affected systems, potentially executing code with root-level permissions. This type of vulnerability poses severe risks to both individual users and organizations relying on Linux-based systems.

Selling Oday Use-after free in the Linux Kernel, you can use it to do a Privileged Code Execution (LPE (Local Privilege Escalation), or execute code with root privileges), (Data Leakage )..etc Affected version: 6.6.15-amd64. Environment arch: 64-bit and Price: 150k Monero & BTC”, reads the threat actor post.

Moderators on these forums have highlighted another individual, known as IntelBroker, who claims to have verified the proof-of-concept (PoC) behind the exploit privately. This endorsement adds credibility to Cas’s offer, despite the lack of publicly available evidence.

Previous Instances and Industry Impact

Earlier, cybersecurity firm Rewterz reported a similar instance involving CVE-2024-36886, where a use-after-free flaw in the Linux Kernel (version 4.1) could be exploited by remote attackers to execute arbitrary code. This use-after-free vulnerability, triggered by fragmented TIPC messages, highlights ongoing challenges in securing Linux environments against sophisticated exploits.

A use-after-free (UAF) vulnerability occurs when a program continues to access memory that has already been deallocated. This issue arises when dynamic memory allocation, typically managed by functions like free() in languages such as C or C++, is mishandled. 

The program may inadvertently reference this freed memory, leading to unpredictable behavior such as crashes or security vulnerabilities. Exploitation of UAF vulnerabilities can allow attackers to manipulate the program’s behavior, potentially executing arbitrary code or escalating privilege


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button