logoalt Hacker News

GhostLock, a stack-UAF that has existed in all Linux distributions for 15 years

188 pointsby ranger_dangerlast Wednesday at 4:53 PM67 commentsview on HN

UAF = Use After Free (https://en.wikipedia.org/wiki/Dangling_pointer)


Comments

goodburblast Saturday at 5:58 AM

Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).

Two boot looped, I had to enter recovery and the other just powered off [0].

The demo modifies the wallpaper on supported Pixel devices.

[0] IonStack https://rootme.nebusec.ai

____

Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.

Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.

show 1 reply
teleforcelast Saturday at 12:12 AM

>Google has rewarded us $92,337 in kernelCTF

I'm all ears now

show 1 reply
amatechalast Saturday at 1:23 AM

Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."

password4321last Saturday at 12:38 AM

Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.

show 2 replies
KasianFrankstoday at 5:53 AM

So has the church of the subgenius.

tangentertoday at 5:30 AM

Fuck it. I’m exclusively running the book version of minix from now on, neovim be damned. The exploit surface of these kernels is wild.

KnockOutEZtoday at 5:24 AM

Damn

alexjplanttoday at 2:47 AM

> This is the same shape as many other life-cycle bugs [...]

Claude-ism detected. IME with Claude Code an object does not have a type or definition, apparently, but rather a shape (or at least it reaches for that word before more technically-accurate ones). Problems are not of a similar class or type, but of the same shape. Functions are not defined by their signatures but by their shape. Who talks like this and how did it make its way into the training data so pervasively?

show 5 replies
mixmastamyklast Friday at 10:24 PM

A what?

show 2 replies
Uptrendatoday at 2:42 AM

Has anyone in infosec ever seen the term "use after free" before LLMs? Or is this basically an acronym claude invented? I say this because I see claude use this term all the time like its common knowledge but in 15+ years in tech never seen it myself. I've seen all kinds of terms used to describe memory errors: memory corruption, heap corruption, stack corruption, whatever, just never this acronym.

show 9 replies