Metasploit modules that can be used to exploit Netapp » H700s Firmware » N/A

This module exploits a vulnerability in the Linux Kernel's watch_queue event notification system. It relies on a heap out-of-bounds write in kernel memory. The exploit may fail on the first attempt so multiple attempts may be needed. Note that the exploit can potentially cause a denial of service if multiple failed attemps occur, however this is unlikely. Authors: - Jann Horn - bonfee - bwatters-r7

More information

This exploit targets a vulnerability in the Linux kernel since 5.8, that allows writing of read only or immutable memory. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102. The module exploits this vulnerability by overwriting a suid binary with the payload, executing it, and then writing the original data back. There are two major limitations of this exploit: the offset cannot be on a page boundary (it needs to write one byte before the offset to add a reference to this page to the pipe), and the write cannot cross a page boundary. This means the payload must be less than the page size (4096 bytes). Authors: - Max Kellermann - timwr

More information

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges. The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access. The issue exists in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. Authors: - Arthur Mongodin <amongodin <Arthur Mongodin <amongodin@randorisec.fr> (@_Aleknight_)> - Redouane NIBOUCHA <rniboucha@yahoo.fr>

More information