Hi!
CVE-2017-7308 is a vulnerability I found in the Linux kernel caused by a signedness issue in AF_PACKET sockets. It can be exploited to gain kernel code execution from an unprivileged process. The kernel has to be built with CONFIG_PACKET for the vulnerability to be present. A lot of modern distributions enable this option by default.
I initially reported this vulnerability to [email protected] following the coordinated disclosure process. As advised by them Iβve developed a fix for this vulnerability and sent it upstream. The fix was committed on Mar 30, 2017.
I wrote a proof-of-concept exploit for the 4.8.0-41-generic Ubuntu kernel which gains root from an unprivileged user, which can be found here. More details about the vulnerability and exploitation can be found here.
The reason Iβm reporting this now is that a similar bug that Iβve reported a while ago has recently been triaged and addressed, so it seems that LPE Linux kernel bugs are within the scope of this IBB program.
Thanks!
This vulnerability allows a local attacker to elevate privileges to root on a machine with vulnerable Linux kernel version.