{"uuid": "079adbc1-8f48-4f5c-8f0d-175b4c3242ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-26708", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/96", "content": "CVE-2021-22555: Turning \\x00\\x00 into 10000$ by Andy Nguyen\n\nCVE-2021-22555 is a 15 years old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the kubernetes pod isolation of the kCTF cluster and won 10000$.\n\nhttps://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html\n\nAmazingly, Andy independently reinvented the msgsnd() exploitation technique, that I created in January for my CVE-2021-26708 exploit: \nhttps://a13xp0p0v.github.io/2021/02/09/CVE-2021-26708.html", "creation_timestamp": "2021-07-15T05:50:11.000000Z"}