Linux Kernel ChromeOS Out-of-Bounds Read Vulnerability in Netfilter/IPSet

Vulnerability

An out-of-bounds read vulnerability has been identified in the netfilter/ipset component of the Linux kernel, specifically in ChromeOS versions 6.1, 5.15, 5.10, 5.4, and 4.19. A local attacker with low privileges can trigger the out-of-bounds read, potentially leading to information disclosure.

Impact

Exploitation of this vulnerability causes a memory corruption issue, which could be leveraged for information disclosure or to escalate privileges, particularly within the ChromeOS Termina environment.

Reproduction

The vulnerability can be reproduced by compiling a proof-of-concept C file with GCC and running the resulting executable. The proof-of-concept must be crafted to exploit the specific conditions of the vulnerability, taking advantage of the IP set commands that trigger the out-of-bounds read.

Remediation

The vulnerability has been fixed in the upstream Linux kernel and the patches have been merged. The fix will be included in the next regular sync of the ChromeOS kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.