Vulnerabilities tagged "race-condition"

LogMeIn Driver Handle Duplication Vulnerability Leading to Privilege Escalation

The primitive in play here is a handle duplication attack, and basically the LogMeIn device driver has an IOCTL that will temporarily duplicate a handle specified by the caller (attacker). Along with allowing users to open the device with `PROCESS_DUP_HANDLE` one can open the device and then try to duplicate the newly created handle before it gets closed to continue to hold a reference to a privileged handle and use that for an elevation of privilege.

Exploitation of a fairly constrained UAF Primitive in the Linux Kernel [CVE-2022-42703]

A post on exploiting a bug that Jann Horn discovered in the linux kernel's memory management (MM) subsystem.The bug isn't detailed in this post and is fairly complex (there is a project zero bug report but it's difficult to understand without deep knowledge of MM internals), though they state it will be written up in a future blogpost...