{"uuid": "ee402945-0867-4064-bad8-0cc927608eb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27666", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/159", "content": "CVE-2022-27666: Exploit esp6 module in Linux kernel\n\nXiaochen Zou aka ETenal published an article on exploiting a page_alloc-out-of-bounds in the esp6 crypto module.\n\nThe researcher:\n\n1\ufe0f\u20e3 performed page-level heap fengshui to gain page_alloc-to-slab overflow,\n\n2\ufe0f\u20e3 constructed arbitrary read/write using the msg_msg kernel object,\n\n3\ufe0f\u20e3 finally achieved root privileges via modprobe_path overwrite.\n\nThe article comes with excellent animated diagrams.", "creation_timestamp": "2022-03-31T10:34:46.000000Z"}