In this post I discuss a vulnerability which  allows a local, or remote attacker, to trigger a use-after-free in the TIPC networking stack on affected installations of the Linux kernel.

Sam4k's resource offers insights, tutorials, and resources for software developers and technology enthusiasts. Readers can learn about programming languages, frameworks, and development tools. With articles, tutorials, and code samples, Sam4k provides  guidance and expertise for building software applications and exploring new technologies.

sam4k

A remote use-after-free vulnerability was discovered in the TIPC networking stack of the Linux kernel. The issue arises from improper handling of fragmented message packets, specifically in the function `tipc_buf_append()`. Triggering this vulnerability allows attackers to exploit a use-after-free condition. The flaw, found in kernel versions 4 to 6.8, was introduced in March 2015 and fixed in May 2024. Systems with the TIPC module enabled and reachable by attackers are vulnerable. Remediation steps include unloading and preventing the loading of the TIPC module if not in use.

ZDI-24-821: A Remote UAF in The Kernel's net/tipc