{"uuid": "2b95d0d6-9313-4d9a-b478-6b59b23bacc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/155", "content": "Exploiting CVE-2021-41073 in io_uring\n\nValentina Palmiotti published an excellent write-up about exploiting a type confusion in io_uring to gain root privileges.\n\nThis bug allows freeing arbitrary slab allocations from the kmalloc-32 cache.\n\nValentina described how she constructed these exploit primitives:\n\n\u2714\ufe0f UAF in kmalloc-32\n\u2714\ufe0f Kernel heap info-leak\n\u2714\ufe0f Control flow hijacking\n\u2714\ufe0f Illegal privilege escalation\n\nThe researcher also described her experience with responsible disclosure.", "creation_timestamp": "2022-03-09T18:56:10.000000Z"}