Security researchers have published the details and proof-of-concept (PoC) exploits of an integer overflow vulnerability in the Linux kernel that could allow an unprivileged user to gain superuser access to the targeted system.

The vulnerability, discovered by cloud-based security and compliance solutions provider Qualys, which has been dubbed “Mutagen Astronomy,” affects the kernel versions released between July 2007 and July 2017, impacting the Red Hat Enterprise Linux, CentOS, and Debian distributions.

The Mutagen Astronomy vulnerability tracked as CVE-2018-14634, is a type of a local privilege escalation issue—one of the most common issues with operating systems as a whole—and exists in the Linux kernel’s create_elf_tables() function that operates the memory tables.

To successfully exploit this vulnerability, attackers need to have access to the targeted system and run their exploit that leads to a buffer overflow, thereby resulting in the execution of malicious code and achieving complete control of the affected system.

linux kernel privilege escalation exploit

According to a security advisory published by Qualys on Tuesday, the security vulnerability can be exploited to escalate privileges to root via a SUID-root binary, but it only works on 64-bit systems.

“This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. Systems with less than 32GB of memory are unlikely to be affected by this issue due to memory demands during exploitation,” an advisory released by Red Hat reads.

“Only kernels with commit b6a2fea39318 (“mm: variable length argument support,” from July 19, 2007) but without commit da029c11e6b1 (“exec: Limit arg stack to at most 75% of _STK_LIM”, from July 7, 2017) are exploitable,” the Qualys advisory says.

Linux Kernel versions 2.6.x, 3.10.x and 4.14.x, are said to be vulnerable to the Mutagen Astronomy flaw.

While most Linux distributions have backported commit da029c11e6b1 to their long-term-supported kernels to address the issue, Red Hat Enterprise Linux, CentOS, and Debian 8 Jessie (the current “oldstable” version) has not yet been implemented the fix and therefore, are still vulnerable.

Proof-of-Concept (PoC) Exploits Released

Qualys reported the vulnerability to Red Hat on August 31, 2018, and to Linux kernel developers on September 18, 2018. Red Hat, assigned the flaw as “important” with a CVSS score of 7.8 (high severity), has begun releasing security updates that address the issue.

“This issue affects the version of the kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2 will address this issue,” Red Hat says.

However, the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 are not affected by the Mutagen Astronomy vulnerability.

Qualys researchers have also released both technical details and proof-of-concept (PoC) exploits (Exploit 1Exploit 2) for the vulnerability to the public.