Post Syndicated from original https://lwn.net/Articles/862955/rss

For those who appreciate detailed descriptions of how to exploit a kernel
vulnerability, this
report on a netfilter bug should certainly satisfy.

CVE-2021-22555 is a 15 years old heap out-of-bounds write
vulnerability in Linux Netfilter that is powerful enough to bypass
all modern security mitigations and achieve kernel code
execution. It was used to break the kubernetes pod isolation of the
kCTF cluster and won 10000$ for charity (where Google will match
and double the donation to 20000$).