CVE-2017-1000112 is a vulnerability I found in the Linux kernel caused by a UFO to non-UFO path switch for UFO packets. It can be exploited to gain kernel code execution from an unprivileged process.

This vulnerability was reported to [email protected] and linux-distros@ following the coordinated disclosure process and then announced on oss-security@. The fix was committed on Aug 10, 2017.

I wrote a proof-of-concept exploit for a range of Ubuntu kernels Ubuntu kernel which gains root from an unprivileged user, which can be found here. More details about the vulnerability and exploitation can be found in the oss-security announcement.

The reason I’m reporting this now is that a similar bug that I’ve reported a while ago has recently been triaged and addressed, so it seems that LPE Linux kernel bugs are within the scope of this IBB program.

Thanks!