EMBA firmware report

[+] Identify and analyze kernel version

This module tries to identify the version of the used Linux kernel. The following sources are tested:

    - Results of module s24

    - Identified kernel modules in .ko format

    - Identified kernel modules in .o format

    - Filesytem path of kernel modules - e.g.: /lib/modules/1.2.3/bla

Additionally it checks the identified kernel version with the linux-exploit-suggester (https://github.com/mzet-/linux-exploit-suggester) for known exploits.

Finally it tests the kernel modules for interesting combination of closed source modules with debugging information. E.g. Non open source modules with debugging information included.

Kernel version:

    4.19.56

Kernel details:

    EEPROM_93cx6_chip_driver

    Encrypted_Chain_IV_Generator

    MTD_emulation_layer_over_UBI_volumes

==> Kernel vulnerabilities

[+] Found linux kernel version/s:

    4.19.56

==> Possible exploits via linux-exploit-suggester.sh for kernel version 4.19.56

[*] Search possible exploits via linux-exploit-suggester.sh for kernel version 4.19.56

    https://github.com/mzet-/linux-exploit-suggester

Available information:

Kernel version: 4.19.56

Architecture: N/A

Distribution: N/A

Distribution version: N/A

Additional checks (CONFIG_*, sysctl entries, custom Bash commands): N/A

Package listing: N/A

Searching among:

81 kernel space exploits

0 user space exploits

Possible Exploits:

[+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET)

   Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/

CVE-2022-32250-linux-kernel-lpe-2022/" title="https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/" target="_blank" >https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/

   Exposure: less probable

   Tags: ubuntu=(22.04){kernel:5.15.0-27-generic}

   Download URL: CVE-2022-32250-exploit/main/exp.c" title="https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c" target="_blank" >https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c

   Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)

   Requirements: pkg=linux-kernel,ver<5.18.1,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1

   author: vulnerability discovery: EDG Team from NCC Group; Author of this exploit: theori.io

[+] [CVE-2022-2586] nft_object UAF

   Details: https://www.openwall.com/lists/oss-security/2022/08/29/5

   Exposure: less probable

   Tags: ubuntu=(20.04){kernel:5.12.13}

   Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1

   Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)

   Requirements: pkg=linux-kernel,ver>=3.16,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1

   author: vulnerability discovery: Team Orca of Sea Security; Exploit author: Alejandro Guerrero

[+] [CVE-2021-27365] linux-iscsi

   Details: https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html

   Exposure: less probable

   Tags: RHEL=8

   Download URL: https://codeload.github.com/grimm-co/NotQuite0DayFriday/zip/trunk

   Comments: CONFIG_SLAB_FREELIST_HARDENED must not be enabled

   Requirements: pkg=linux-kernel,ver<=5.11.3,CONFIG_SLAB_FREELIST_HARDENED!=y

   author: GRIMM

[+] [CVE-2021-22555] Netfilter heap out-of-bounds write

   Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html

   Exposure: less probable

   Tags: ubuntu=20.04{kernel:5.8.0-*}

   Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c

   ext-url: CVE-2021-22555/exploit.c" title="https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c" target="_blank" >https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c

   Comments: ip_tables kernel module must be loaded

   Requirements: pkg=linux-kernel,ver>=2.6.19,ver<=5.12-rc6

   exploit-db: 50135

   author: theflow (orginal exploit author); bcoles (author of exploit update at 'ext-url')

[+] [CVE-2019-15666] XFRM_UAF

   Details: https://duasynt.com/blog/ubuntu-centos-redhat-privesc

   Exposure: less probable

   Download URL:

   Comments: CONFIG_USER_NS needs to be enabled; CONFIG_XFRM needs to be enabled

   Requirements: pkg=linux-kernel,ver>=3,ver<5.0.19,CONFIG_USER_NS=y,sysctl:kernel.unprivileged_userns_clone==1,CONFIG_XFRM=y

   author: Vitaly 'vnik' Nikolenko

[+] [CVE-2019-13272] PTRACE_TRACEME

   Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1903

   Exposure: less probable

   Tags: ubuntu=16.04{kernel:4.15.0-*},ubuntu=18.04{kernel:4.15.0-*},debian=9{kernel:4.9.0-*},debian=10{kernel:4.19.0-*},fedora=30{kernel:5.0.9-*}

   Download URL: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47133.zip

   ext-url: CVE-2019-13272/poc.c" title="https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c" target="_blank" >https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c

   Comments: Requires an active PolKit agent.

   Requirements: pkg=linux-kernel,ver>=4,ver<5.1.17,sysctl:kernel.yama.ptrace_scope==0,x86_64

   exploit-db: 47133

   author: Jann Horn (orginal exploit author); bcoles (author of exploit update at 'ext-url')

[+] WARNING: Vulnerability CVE-2019-13272 is a known exploited vulnerability.

==> Check modprobe.d directory and content

[-] No modprobe.d directory found

[-] No check for kernel configuration

==> Analyze kernel modules

[*] Found 6 kernel modules.

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/drivers/misc/eeprom/eeprom_93cx6.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/crypto/echainiv.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/drivers/mtd/ubi/gluebi.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/crypto/algif_hash.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/crypto/algif_skcipher.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED

[-] Found kernel module /lib/modules/4.19.56-linux4sam-6.1/kernel/crypto/af_alg.ko (-rw-r--r-- root root)  License: GPL - NOT STRIPPED