C/C++ How to find actual code to run CVE

Hello, I found a CVE vulnerability that seems to give root access on one of the servers that I have access to, but I don't know where I can find the actual description of this bug, or the executable code itself to test.

Are these CVE codes public?

The one I'm looking for is for Linux
3.10.0-1160.45.1.el7.x86_64

Can anyone help?)
 

zirias@

Developer
You're looking for an exploit. Sometimes, code for an exploit is published, sometimes it isn't. A CVE description should give enough information to write your own.
 
The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/infiniband/core/ucma.c, because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called. A local user can run a specially crafted program to trigger the use-after-free error and execute arbitrary code with elevated privileges.
That sounds impossible!
 

zirias@

Developer
That sounds impossible!
Well, "use-after-free" is clearly in the "undefined behavior" area of C, and undefined behavior is often characterized as "expect demons flying out of your nose" -- sounds impossible enough? 😏

A bit more seriously, "use-after-free" is a security issue: the program still expects some pointer to point to some known object even though the memory was returned to the system. Exploiting that means causing something new to be placed at the same memory address... can be "tricky" with modern allocators that behave lazily with reusing freed memory, but it's certainly possible.
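
The slot reuse described in the post above, modelled in defined-behaviour C as an added example that is not part of the original thread and is not the kernel's ucma code. The toy slot pool and every name in it are hypothetical; it shows a stale reference silently reading the object that took over a freed slot, next to a generation-checked lookup that refuses it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4
struct obj { int privileged; };
struct handle { int slot; uint32_t gen; };  /* slot plus the generation it was issued for */
static struct obj pool[SLOTS];
static uint32_t gen[SLOTS];                 /* bumped every time a slot is freed */
static int in_use[SLOTS];

/* First-fit: a freed slot is handed out again at once (a lazy allocator would delay this). */
static struct handle pool_alloc(int privileged) {
    struct handle h = { -1, 0 };
    for (int i = 0; i < SLOTS && h.slot < 0; i++) {
        if (in_use[i]) continue;
        in_use[i] = 1;
        pool[i].privileged = privileged;
        h = (struct handle){ i, gen[i] };
    }
    return h;
}

/* Hardened lookup: NULL unless the slot is live and still the generation the handle names. */
static struct obj *deref_checked(struct handle h) {
    int live = h.slot >= 0 && h.slot < SLOTS && in_use[h.slot] && gen[h.slot] == h.gen;
    return live ? &pool[h.slot] : NULL;
}

/* Weak lookup: trusts the slot index alone, like a raw pointer kept after free. */
static struct obj *deref_unchecked(struct handle h) { return &pool[h.slot]; }

static void pool_free(struct handle h) {
    if (!deref_checked(h)) return;          /* stale handle or double free: ignore */
    in_use[h.slot] = 0;
    gen[h.slot]++;
}

/* Free A, allocate B into the same slot, then look A up again. Returns the
   privileged flag seen through A's stale handle, or -1 if the lookup was refused. */
static int stale_lookup(int checked) {
    memset(in_use, 0, sizeof in_use);       /* start each run with an empty pool */
    struct handle a = pool_alloc(0);
    pool_free(a);
    pool_alloc(1);                          /* B lands in A's old slot */
    struct obj *o = checked ? deref_checked(a) : deref_unchecked(a);
    return o ? o->privileged : -1;
}

int main(void) {
    printf("unchecked=%d checked=%d\n", stale_lookup(0), stale_lookup(1));
}
```
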
 
That sounds impossible!
Nah, perfectly easy. Using memory after it has been freed is a bug programmers cause all the time in C-based languages. All you need to do is to read the source code in question (which sounds gnarly, the list of contexts in the Infiniband driver), find the bug, figure out how to give a defective list of ctx entries to the driver to trigger the bug, acquire the correct hardware that uses that driver, set up an Infiniband network, and try it. Not impossible, merely very difficult.
 

SirDice

Administrator
Staff member
Moderator
The one I'm looking for is for Linux
Unless this CVE applies to our Linux emulation your question is better asked on Linux forums.

The vulnerability exists due to a use-after-free error in drivers/infiniband/core/ucma.c,
So, it's a bug in Linux's infiniband driver. Thus doesn't apply to the Linux emulation. Bug may manifest in FreeBSD's infiniband driver but can't tell from the little information you posted.
 