
RCE in Linux (inc Android) via UDP. CVSS 10.0. I'm a little confused as to why a bigger fuss isn't being made of this
nvd.nist.gov/vuln/detail/CVE-2
Is it that the vuln doesn't have a cool brand name and logo and website?
I was pleasantly surprised to find out that my Nexus phone was patched for this last week. Other Androids are probably going to be fucked

@liamo "Is it that the vuln doesn't have a cool brand name and logo and website?"

Probably.

@liamo Fefe explains that very few (if any) applications use MSG_PEEK on UDP sockets – which would be required for this bug to be exploitable: blog.fefe.de/?ts=a6110f5c (German only, unfortunately)

@liamo Not my expertise, but from what I heard from experienced coders it has to do with the fact that MSG_PEEK is seldom used in general, and next to never with UDP. So it apparently would need a user-space app doing that to trigger the kernel RCE.
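
The replies above tie exposure to a user-space program receiving with MSG_PEEK on a UDP socket. The following is an added example, not part of the thread: a heuristic source audit that lists receive calls passing MSG_PEEK and notes whether the same file mentions SOCK_DGRAM. The function names and the sample C snippet are constructed for illustration.

```python
import re

# Receive calls that take a flags argument.
RECV_CALL = re.compile(r'\b(recv|recvfrom|recvmsg|recvmmsg)\s*\(')
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*', re.S)

def _strip_comments(src):
    # Blank out comments but keep newlines so line numbers stay correct.
    return COMMENT.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def _call_args(src, open_paren):
    """Return the text between the parenthesis at open_paren and its match."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == '(':
            depth += 1
        elif src[i] == ')':
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
    return src[open_paren + 1:]

def find_peek_calls(src):
    """List (line, function, file_uses_dgram) for receive calls passing MSG_PEEK."""
    src = _strip_comments(src)
    # Heuristic: the file creates or mentions a datagram socket somewhere.
    uses_dgram = bool(re.search(r'\bSOCK_DGRAM\b', src))
    hits = []
    for m in RECV_CALL.finditer(src):
        args = _call_args(src, m.end() - 1)
        if re.search(r'\bMSG_PEEK\b', args):
            line = src.count('\n', 0, m.start()) + 1
            hits.append((line, m.group(1), uses_dgram))
    return hits

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
int s = socket(AF_INET, SOCK_DGRAM, 0);
/* recv(s, buf, len, MSG_PEEK); old code, commented out */
n = recvfrom(s, hdr, sizeof(hdr),
             MSG_PEEK | MSG_DONTWAIT, NULL, NULL);
n = recv(s, buf, sizeof(buf), 0);
'''

if __name__ == "__main__":
    for line, func, dgram in find_peek_calls(SAMPLE):
        print(f"line {line}: {func}() with MSG_PEEK, SOCK_DGRAM in file: {dgram}")
```

A hit with SOCK_DGRAM in the same file is only a lead for manual review, since the socket may be created in another translation unit or wrapped by a library.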
