#useafterfree — Public Fediverse posts

[Перевод] Как я нашёл уязвимость в ядре Linux при помощи модели o3

В этом посте я расскажу, как нашёл уязвимость нулевого дня в ядре Linux при помощи модели OpenAI o3. Уязвимость обнаружилась благодаря одному лишь API o3 — не потребовались никакая дополнительная настройка, агентские фреймворки и инструменты. Недавно я занимался аудитом уязвимостей ksmbd. ksmbd — это « сервер ядра Linux, реализующий в пространстве ядра протокол SMB3 для передачи файлов по сети ». Я приступил к этому проекту специально для того, чтобы взять отдых от разработки связанных с LLM инструментов, но после релиза o3 не мог избежать искушения и не использовать в качестве небольшого бенчмарка способностей o3 баги, найденные мной в ksmbd. В одном из следующих постов я расскажу о показателях o3 при обнаружении всех этих багов, а сегодня мы поговорим о том, как в процессе моего бенчмаркинга o3 обнаружила уязвимость нулевого дня. Найденной уязвимости присвоили обозначение CVE-2025-37899 (её патч выложен на Github ), это use-after-free в обработчике команды SMB logoff . Для понимания уязвимости необходимо знать о работе конкурентных подключений к серверу и о том, как они в определённых обстоятельствах могут обмениваться различными объектами. Модели o3 удалось разобраться в этом и найти место, где конкретный объект с автоматическим подсчётом ссылок освобождался, но продолжал оставаться доступным для другого потока. Насколько я понимаю, это будет первым публичным рассказом об уязвимости подобного типа, обнаруженной LLM.

https://habr.com/ru/articles/912916/

#openai_o3 #o3 #llm #уязвимости #useafterfree #large_language_models #большие_языковые_модели

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

Active Exploitation of Mali GPU Kernel Driver Flaw

Date: June 10, 2024
CVE: CVE-2024-4610
Vulnerability Type: [[Use-After-Free]] (UAF)
CWE: [[CWE-416]], [[CWE-119]]
Sources: Bleeping Computer, The Register, HotHardware

Synopsis

Arm has issued a security bulletin concerning a critical memory-related vulnerability in its Mali GPU kernel drivers, which is currently being exploited in the wild. This vulnerability affects Bifrost and Valhall GPU kernel drivers across multiple versions.

Issue Summary

The vulnerability, identified as [[CVE-2024-4610]], is a [[use-after-free]] flaw in the Mali GPU kernel drivers. This flaw allows a local non-privileged user to perform improper GPU memory operations, gaining access to already freed memory. The flaw impacts all versions of the Bifrost and Valhall drivers from r34p0 through r40p0.

Technical Key Findings

Use-after-free vulnerabilities occur when a program continues to use a pointer to a memory location after it has been freed. This can lead to serious issues such as information disclosure and arbitrary code execution. In the case of CVE-2024-4610, a local attacker could exploit this flaw to execute arbitrary code on the affected system, potentially leading to a full system compromise.

Vulnerable Products

• Bifrost GPUs: Versions r34p0 to r40p0
• Valhall GPUs: Versions r34p0 to r40p0
• Devices: Including but not limited to Samsung Galaxy S20, Xiaomi Redmi K30, Motorola Edge 40, OnePlus Nord 2, Chromebooks, and various embedded systems.

Impact Assessment

Exploitation of this vulnerability can lead to severe consequences, including unauthorized access to sensitive information, system compromise, and potential deployment of malware. The vulnerability's exploitation in the wild indicates a significant risk, especially for high-value targets such as activists and journalists.

Patches or Workaround

Arm has released a patch for this vulnerability in version r41p0 of the Bifrost and Valhall GPU Kernel Driver, available since November 24, 2022. Users are advised to update their drivers to the latest version to mitigate this risk. Due to the complexity of the supply chain, some users may experience delays in receiving the updates.

Tags

#CVE-2024-4610 #MaliGPU #Arm #UseAfterFree #Vulnerability #Patch #CyberSecurity #AndroidDevices #SystemCompromise #HighRisk

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Date: May 2024
CVE: CVE-2024-22267, CVE-2024-22268, CVE-2024-22269, CVE-2024-22270
Vulnerability Type: Use-After-Free, Heap Buffer Overflow, Information Disclosure
CWE: [[CWE-416]], [[CWE-122]], [[CWE-200]]
Sources: The Hacker News, Broadcom advisory

Issue Summary

Multiple severe security vulnerabilities have been identified in VMware Workstation and Fusion products. These vulnerabilities could potentially allow threat actors to execute arbitrary code, access sensitive information, and trigger denial-of-service (DoS) conditions. The affected versions include Workstation 17.x and Fusion 13.x.

Technical Key Findings

The vulnerabilities include a use-after-free issue in the Bluetooth device (CVE-2024-22267), a heap buffer overflow in the shader functionality (CVE-2024-22268), and two information disclosure flaws (CVE-2024-22269 and CVE-2024-22270). Exploiting these vulnerabilities requires local administrative privileges on a virtual machine, potentially allowing attackers to manipulate the VM's VMX process.

• CVE-2024-22267 (CVSS score: 9.3) - A use-after-free vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22267|9.3|Critical|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22267|9.3|Critical|13.5.2|KB91760|None|

• CVE-2024-22268 (CVSS score: 7.1) - A heap buffer-overflow vulnerability in the Shader functionality that could be exploited by a malicious actor with non-administrative access to a virtual machine with 3D graphics enabled to create a DoS condition

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ------------------------------------------------ | ------------------------ |
| Workstation | 17.x | Windows | CVE-2024-22268 | 7.1 | Important | 17.5.2 | KB59146 | None |
| Fusion | 13.x | OS X | CVE-2024-22268 | 7.1 | Important | 13.5.2 | KB59146 | None |

• CVE-2024-22269 (CVSS score: 7.1) - An information disclosure vulnerability in the Bluetooth device that could be exploited by a malicious actor with local administrative privileges on a virtual machine== to read privileged information contained in hypervisor memory== from a virtual machine

|VMware Product|Version|Running On|CVE|CVSSv3|Severity|Fixed Version|Workarounds|Additional Documentation|
|---|---|---|---|---|---|---|---|---|
|Workstation|17.x|Any|CVE-2024-22269|7.1|Important|17.5.2|KB91760|None|
|Fusion|13.x|OS X|CVE-2024-22269|7.1|Important|13.5.2|KB91760|None|

• CVE-2024-22270 (CVSS score: 7.1) - An information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality that could be exploited by a malicious actor with local administrative privileges on a virtual machine to read privileged information contained in hypervisor memory from a virtual machine

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| -------------- | ------- | ---------- | -------------- | --------------------------------------------------------------------------------------------- | --------- | ------------- | ----------- | ------------------------ |
| Workstation | 17.x | Any | CVE-2024-22270 | 7.1 | Important | 17.5.2 | None | None |
| Fusion | 13.x | OS X | CVE-2024-22270 | 7.1 | Important | 13.5.2 | None | None |

Vulnerable Products

• VMware Workstation versions 17.x
• VMware Fusion versions 13.x

Impact Assessment

Exploiting these vulnerabilities could lead to significant security breaches, including arbitrary code execution on the host machine, sensitive data exposure, and system crashes. The critical nature of these flaws underscores the need for immediate remediation to prevent potential attacks.

Patches or Workarounds

VMware has released patches for these vulnerabilities in versions 17.5.2 (Workstation) and 13.5.2 (Fusion). As temporary measures, users are advised to disable Bluetooth support and 3D acceleration features on virtual machines. However, there is no workaround for CVE-2024-22270.

Tags

#VMware #CVE-2024-22267 #CVE-2024-22268 #CVE-2024-22269 #CVE-2024-22270 #UseAfterFree #HeapBufferOverflow #InformationDisclosure #Virtualization #Workstation #Fusion #SecurityPatch