[PATCH 1/3] capabilities: user namespace capabilities

John Johansen john.johansen at canonical.com
Fri May 17 12:48:55 UTC 2024


On 5/17/24 04:55, Jonathan Calmels wrote:
> On Fri, May 17, 2024 at 06:32:46AM GMT, Eric W. Biederman wrote:
>>
>> Pointers please?
>>
>> That sentence sounds about 5 years out of date.
> 
> The link referenced is from last year.
> Here are some others often cited by distributions:
> 
> https://nvd.nist.gov/vuln/detail/CVE-2022-0185
> https://nvd.nist.gov/vuln/detail/CVE-2022-1015
> https://nvd.nist.gov/vuln/detail/CVE-2022-2078
> https://nvd.nist.gov/vuln/detail/CVE-2022-24122
> https://nvd.nist.gov/vuln/detail/CVE-2022-25636
> 
> Recent thread discussing this too:
> https://seclists.org/oss-sec/2024/q2/128
> 

they were used in 2020, 2021, and 2022 pwn2own exploits. Sorry I don't remember the exact numbers and will have to dig.

pwn2own 2023 4/5 hacks used them
https://www.zerodayinitiative.com/blog/2023/3/23/pwn2own-vancouver-2023-day-two-results
I will need to dig to find the CVEs associated with them.

pwn2own 2024 I can not discuss atm

but its not just pwn2own, the actual list of kernel CVEs that unprivileged user namespaces make exploitable is much larger.




More information about the Linux-security-module-archive mailing list