{"vulnerability": "CVE-2021-41073", "sightings": [{"uuid": "2b95d0d6-9313-4d9a-b478-6b59b23bacc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/155", "content": "Exploiting CVE-2021-41073 in io_uring\n\nValentina Palmiotti published an excellent write-up about exploiting a type confusion in io_uring to gain root privileges.\n\nThis bug allows freeing arbitrary slab allocations from the kmalloc-32 cache.\n\nValentina described how she constructed these exploit primitives:\n\n\u2714\ufe0f UAF in kmalloc-32\n\u2714\ufe0f Kernel heap info-leak\n\u2714\ufe0f Control flow hijacking\n\u2714\ufe0f Illegal privilege escalation\n\nThe researcher also described her experience with responsible disclosure.", "creation_timestamp": "2022-03-09T18:56:10.000000Z"}, {"uuid": "595b47be-a839-47a6-b62a-b98181c3a8a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "seen", "source": "https://t.me/cKure/7176", "content": "\u25a0\u25a0\u25a0\u25a1\u25a1 Interesting thread: CVE-2021-41073 (Linux LPE Kernel bug - 5.1 to 5.14.6)\n\nhttps://twitter.com/chompie1337/status/1439743758447398918", "creation_timestamp": "2021-09-20T18:29:23.000000Z"}, {"uuid": "44c1b2c2-3c8c-4ff5-86a4-466acacb55e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/173", "content": "io_uring - new code, new bugs, and a new exploit technique\n\nLam Jun Rong published an article that covers analyzing and exploiting CVE-2021-41073, an invalid-free vulnerability in the io_uring subsystem.\n\nThis vulnerability has previously been exploited by Valentina Palmiotti, but that exploit relied on eBPF. The new exploit targets Ubuntu 21.10, where eBPF is not available to unprivileged users.", "creation_timestamp": "2022-07-04T10:47:21.000000Z"}, {"uuid": "5339eb2f-8aed-42f7-a98b-ec343af48539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "seen", "source": "Telegram/TXmZ8EBGvdc4uufvEqu6hfgyjEc7K_gjD1Jpp8Uzvu6-KK0", "content": "", "creation_timestamp": "2023-03-23T09:18:19.000000Z"}, {"uuid": "746a50bd-4a7b-4c5d-b7dd-ea3252644fda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1886", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e\n\n@BlueRedTeam", "creation_timestamp": "2022-04-03T10:37:21.000000Z"}, {"uuid": "708f4279-8ef0-4653-8f23-6c6673746de0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1427", "content": "kernel-linux-factory\n*\n\u0423\u0434\u043e\u0431\u043d\u043e \u0442\u0435\u043c, \u0447\u0442\u043e \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043a\u043e\u043c\u043f\u0438\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0438\u043b\u0438 \u043d\u0430\u0441\u0442\u0440\u0430\u0438\u0432\u0430\u0442\u044c \u0441\u0440\u0435\u0434\u0443, \u0433\u043b\u044f\u043d\u0443\u043b \u043a\u0430\u043a\u043e\u0435 \u044f\u0434\u0440\u043e, \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b \u0441\u043f\u043b\u043e\u0435\u0442, \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043f\u043e \u043c\u043e\u0440\u0434\u0435 #root\n*\n\u0432 \u0441\u043e\u0441\u0442\u0430\u0432\u0435 exploits \u0434\u043b\u044f:\nCVE-2016-9793\n4-20-BPF-integer\nCVE-2017-5123\nCVE-2017-6074\nCVE-2017-7308\nCVE-2017-8890\nCVE-2017-11176\nCVE-2017-16995\nCVE-2017-1000112\nCVE-2018-5333\nCVE-2019-9213 & CVE-2019-8956\nCVE-2019-15666\nCVE-2020-8835\nCVE-2020-27194\nCVE-2021-3156\nCVE-2021-31440\nCVE-2021-3490\nCVE-2021-22555\nCVE-2021-41073\nCVE-2021-4154\nCVE-2021-42008\nCVE-2021-43267\nCVE-2022-0185\nCVE-2022-0847\nCVE-2022-0995\nCVE-2022-1015\nCVE-2022-2588\nCVE-2022-2639\nCVE-2022-25636\nCVE-2022-27666\nCVE-2022-32250\nCVE-2022-34918\n\ndownload\n\n#linux #exploits #kernel", "creation_timestamp": "2023-03-23T06:30:43.000000Z"}, {"uuid": "a0603d55-d5ca-4ded-9bff-4591660e9728", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-41073", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5733", "content": "#exploit\nCVE-2021-41073:\nType confusion in Linux io_uring\nhttps://gist.github.com/QiuhaoLi/d66b0ff2aa5058bd007a3f6c61d29b6e", "creation_timestamp": "2022-04-03T13:37:01.000000Z"}]}