Linux Kernel ELF Core Dump Privilege Elevation

Paul Starzetz says, a locally exploitable flaw has been found in the Linux ELF binary format loader’s core dump function that allows local users to gain root privileges and also execute arbitrary code at kernel privilege level. The Linux kernel contains a binary format loader layer to load (execute) programs in different binary formats like ELF or a.out. Some of the binary format modules like ELF provide an additional function to the kernel layer named core_dump(). The kernel may call this function if a fault (e.g. memory access error) occurs during the execution of the binary. The core_dump() function will be called by the kernel, if the process’s limit for the core file (RLIMIT_CORE) is sufficiently high and the process’s binary format supports core dumping. Read more.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s