Sometimes internal threats are more dangerous than external anonymous threats! (7th March 2021)

Preface: In computing, ioctl (an abbreviation of input/output control) is a system call for device-specific input/output operations and other operations which cannot be expressed by regular system calls.

Background: Exposing ioctl interfaces to the public is considered bad design for numerous reasons, and some people therefore suggest replacing ioctl with Netlink. Netlink is a very good mechanism for two-way data transmission between the kernel and user applications, and the iSCSI transport infrastructure uses it to deliver asynchronous events from transports to userspace. Users can send files associated with iSCSI as Netlink messages; the maximum file length is the maximum length of a Netlink message.

Vulnerability details: Per the user-space instructions, sending a netlink message with the function sendmsg requires filling in the structures struct msghdr, struct nlmsghdr and struct iovec. After completing these steps, the message can be sent directly with the statement sendmsg(fd, &msg, 0). However, a fault was found: the existing design gives an unprivileged user the ability to craft Netlink messages. Three different vulnerabilities were found in total: CVE-2021-27363, CVE-2021-27364 and CVE-2021-27365.
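To make the sending side and the receiving side concrete, the following is an added example (not code from the original post, and not the kernel's own iSCSI transport code). It builds a netlink message with the struct nlmsghdr / struct iovec / struct msghdr triple named above, wraps it for sendmsg(fd, &msg, 0), and shows the bounds check a receiver must apply before trusting nlmsg_len, since a sender controls every byte of the header. The message type 0x10 and the "hello" payload are constructed sample values; the kernel-side privilege question the post raises (whether the sender is allowed to issue the request at all) is a separate check that this example does not implement.

```c
/* Added example: build, send and validate a netlink message.
 * Not from the original post; the payload and message type are constructed. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#define MAX_MSG 1024

/* One netlink message: header followed by NLMSG_ALIGNTO-padded payload. */
struct nl_buf {
    unsigned char data[MAX_MSG];
    size_t len;            /* bytes in use, equals nlmsg_len */
};

/* Fill struct nlmsghdr and copy the payload behind it.
 * Returns 0 on success, -1 if the padded message would not fit the buffer. */
int nl_build(struct nl_buf *b, uint16_t type, uint32_t seq,
             const void *payload, size_t plen)
{
    size_t total = NLMSG_SPACE(plen);        /* header + payload, aligned */
    if (total > sizeof b->data) return -1;
    memset(b->data, 0, total);
    struct nlmsghdr *nlh = (struct nlmsghdr *)b->data;
    nlh->nlmsg_len   = NLMSG_LENGTH(plen);   /* header + unpadded payload */
    nlh->nlmsg_type  = type;
    nlh->nlmsg_flags = NLM_F_REQUEST;
    nlh->nlmsg_seq   = seq;
    nlh->nlmsg_pid   = 0;                    /* kernel assigns the port id */
    memcpy(NLMSG_DATA(nlh), payload, plen);
    b->len = nlh->nlmsg_len;
    return 0;
}

/* Receiver-side check: a complete header must be present, nlmsg_len must
 * cover at least the header, and nlmsg_len must not exceed the bytes actually
 * received. Returns the payload length, or -1 for a malformed message. */
long nl_validate(const unsigned char *buf, size_t received)
{
    if (received < sizeof(struct nlmsghdr)) return -1;
    const struct nlmsghdr *nlh = (const struct nlmsghdr *)buf;
    if (!NLMSG_OK(nlh, received)) return -1;  /* len >= hdr and len <= received */
    return (long)NLMSG_PAYLOAD(nlh, 0);
}

/* Wrap the message in the iovec/msghdr pair sendmsg(2) expects, addressed to
 * the kernel (nl_pid 0). Returns bytes sent, or -1 with errno set. */
ssize_t nl_send(int fd, struct nl_buf *b)
{
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK, .nl_pid = 0, .nl_groups = 0 };
    struct iovec iov = { .iov_base = b->data, .iov_len = b->len };
    struct msghdr msg = {
        .msg_name = &kernel, .msg_namelen = sizeof kernel,
        .msg_iov = &iov, .msg_iovlen = 1,
    };
    return sendmsg(fd, &msg, 0);
}

int main(void)
{
    struct nl_buf b;
    const char payload[] = "hello";          /* constructed sample payload */
    if (nl_build(&b, 0x10, 1, payload, sizeof payload) != 0) return 1;
    printf("built %zu bytes, payload length %ld\n", b.len, nl_validate(b.data, b.len));
    /* A truncated copy must be rejected by the receiver-side check. */
    printf("truncated message -> %ld\n", nl_validate(b.data, b.len - 1));
    return 0;
}
```

nl_send is only called from a program that has opened an AF_NETLINK socket of the protocol it wants to reach; the builder and validator run without any socket. The validator is the point to study: nothing in the header is trustworthy until NLMSG_OK has related nlmsg_len to the byte count the kernel actually received.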

Impact: No vendor has yet announced that its products are affected by these design weaknesses. Keep an eye open for related information that vendors may issue in future.
