Want to get paid for a vulnerability similar to this one?
Contact us at: firstname.lastname@example.org
See our full scope at: https://blogs.securiteam.com/index.php/product_scope
A use after free vulnerability in AF_LLC allows local attackers to control the flow of code that the kernel executes, allowing them to cause it to run arbitrary code and gain elevated privileges.
The vulnerability was reported to the Kernel Security, which asked us to contact the netdev team. A patch was provided by the netdev team, on the 27th of March, and was later integrated into the main code of Linux (we are not certain when).
Attempts to recontact the netdev and understand more on the timeline, went unanswered.
We know that the patch has been introduced as part of:
An independent security researcher has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
The oldest known version to be affected Linux version 188.8.131.52, the patch has been introduced as part of 4.17-rc2.
Continue reading SSD Advisory – Linux AF_LLC Double Free