Preface: A zero-day exploit targeting a use-after-free (UAF) vulnerability in the Linux Kernel. Staying Alert!
Slab–use–after–free vulnerabilities occur when memory that’s been previously freed is accessed again, often leading to unpredictable behavior or system crashes. KernelAddressSANitizer (KASAN) is a dynamic memory error detector designed to find out-of-bound and use–after–free bugs.
Background: The Controller Area Network (CAN bus) is a message-based protocol designed to allow the Electronic Control Units (ECUs) found in today’s automobiles, as well as other devices, to communicate with each other in a reliable, priority-driven fashion.
The Broadcast Manager protocol provides a command based configuration interface to filter and send (e.g. cyclic) CAN messages in kernel space. Filtering messages in kernel space may significantly reduce the load in an application. A BCM socket is not intended for sending individual CAN frames.
Vulnerability details: KernelAddressSANitizer (KASAN) is a dynamic memory error detector. It provides a fast and comprehensive solution for finding use-after-free and out-of-bounds bugs.
BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862.
Please refer to the official announcement for details
Official announcement: Please see the link below for details –