[+] Identify and analyze kernel version
This module tries to identify the version of the Linux kernel in use. The following sources are tested:
- Results of module s24
- Identified kernel modules in .ko format
- Identified kernel modules in .o format
- Filesystem path of kernel modules, e.g. /lib/modules/1.2.3/bla
Additionally, it checks the identified kernel version against linux-exploit-suggester (https://github.com/mzet-/linux-exploit-suggester) for known exploits.
Finally, it checks the kernel modules for an interesting combination: closed-source modules that still include debugging information, i.e. non-open-source modules that have not been stripped.
Kernel version:
4.14.105
Kernel details:
==> Kernel vulnerabilities
[+] Found linux kernel version/s:
4.14.105
==> Possible exploits via linux-exploit-suggester.sh for kernel version 4.14.105
[*] Search possible exploits via linux-exploit-suggester.sh for kernel version 4.14.105
https://github.com/mzet-/linux-exploit-suggester
Available information:
Kernel version: 4.14.105
Architecture: N/A
Distribution: N/A
Distribution version: N/A
Additional checks (CONFIG_*, sysctl entries, custom Bash commands): N/A
Package listing: N/A
Searching among:
81 kernel space exploits
0 user space exploits
Possible Exploits:
[+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET)
Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
Exposure: less probable
Tags: ubuntu=(22.04){kernel:5.15.0-27-generic}
Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
Requirements: pkg=linux-kernel,ver<5.18.1,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1
author: vulnerability discovery: EDG Team from NCC Group; Author of this exploit: theori.io
[+] [CVE-2022-2586] nft_object UAF
Details: https://www.openwall.com/lists/oss-security/2022/08/29/5
Exposure: less probable
Tags: ubuntu=(20.04){kernel:5.12.13}
Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
Requirements: pkg=linux-kernel,ver>=3.16,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1
author: vulnerability discovery: Team Orca of Sea Security; Exploit author: Alejandro Guerrero
[+] [CVE-2021-27365] linux-iscsi
Details: https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
Exposure: less probable
Tags: RHEL=8
Download URL: https://codeload.github.com/grimm-co/NotQuite0DayFriday/zip/trunk
Comments: CONFIG_SLAB_FREELIST_HARDENED must not be enabled
Requirements: pkg=linux-kernel,ver<=5.11.3,CONFIG_SLAB_FREELIST_HARDENED!=y
author: GRIMM
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
Requirements: pkg=linux-kernel,ver>=2.6.19,ver<=5.12-rc6
exploit-db: 50135
author: theflow (orginal exploit author); bcoles (author of exploit update at 'ext-url')
[+] [CVE-2019-15666] XFRM_UAF
Details: https://duasynt.com/blog/ubuntu-centos-redhat-privesc
Exposure: less probable
Download URL:
Comments: CONFIG_USER_NS needs to be enabled; CONFIG_XFRM needs to be enabled
Requirements: pkg=linux-kernel,ver>=3,ver<5.0.19,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1,CONFIG_XFRM=y
author: Vitaly 'vnik' Nikolenko
[+] [CVE-2019-13272] PTRACE_TRACEME
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903
Exposure: less probable
Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},debian=9{kernel:4.9.0-*},debian=10{kernel:4.19.0-*},fedora=30{kernel:5.0.9-*}
Download URL: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47133.zip
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c
Comments: Requires an active PolKit agent.
Requirements: pkg=linux-kernel,ver>=4,ver<5.1.17,sysctl:kernel.yama.ptrace_scope==0,x86_64
exploit-db: 47133
47163
author: Jann Horn (orginal exploit author); bcoles (author of exploit update at 'ext-url')
[+] WARNING: Vulnerability CVE-2019-13272 is a known exploited vulnerability.
==> Check modprobe.d directory and content
[-] No modprobe.d directory found
[-] No check for kernel configuration
==> Analyze kernel modules
[*] Found 83 kernel modules.
[-] No support for .o kernel modules - /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/lib/libjwt.a_extract/libjwt_la-base64.o
[-] No support for .o kernel modules - /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/lib/libjwt.a_extract/libjwt_la-jwt-openssl.o
[-] Found kernel module /lib/modules/4.14.105/mt7603e.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/iptable_nat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_conntrack.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/sg.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/pppoe.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/compat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ohci-hcd.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/vfat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ohci-platform.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/pppox.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_log_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_tcpudp.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/mt76.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_TCPMSS.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/iptable_filter.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/i2c-core.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/usbcore.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_nat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_nat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/scsi_mod.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/fat.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_defrag_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nls_iso8859-1.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_REDIRECT.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ipt_MASQUERADE.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/spi-bitbang.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_nat_masquerade_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ppp_async.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nls_cp437.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/i2c-dev.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/leds-gpio.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ehci-hcd.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_conntrack_ipv6.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/i2c-gpio.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ip6t_REJECT.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] No support for .o kernel modules - /logs/firmware/unblob_extracted/firmware_extract/1568982-13971496.squashfs_v4_le_extract/usr/lib/libjwt.a_extract/libjwt_la-jwt.o
[-] Found kernel module /lib/modules/4.14.105/xt_LOG.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_flow_table_hw.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/crc7.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ip6table_filter.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/slhc.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ledtrig-usbport.ko (-rw-r--r-- root root) License: GPLv2 - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_mark.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_nat_redirect.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_reject_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ip6_tables.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_nat_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_FLOWOFFLOAD.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/iptable_mangle.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_reject_ipv6.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/crc-ccitt.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ppp_generic.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/i2c-gpio-custom.ko (-rw-r--r-- root root) License: GPLv2 - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_state.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_defrag_ipv6.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_log_common.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nls_utf8.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_log_ipv6.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_time.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ip6table_mangle.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/configfs.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ipt_REJECT.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/crc-itu-t.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nls_base.ko (-rw-r--r-- root root) License: DualBSD/GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ehci-platform.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_flow_table.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/ip_tables.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/cfg80211.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/x_tables.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_limit.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/usb-storage.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_conntrack_rtcache.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_mac.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/nf_conntrack_ipv4.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_comment.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/usb-common.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_multiport.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/sd_mod.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/xt_conntrack.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/mac80211.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED
[-] Found kernel module /lib/modules/4.14.105/i2c-algo-bit.ko (-rw-r--r-- root root) License: GPL - NOT STRIPPED