A brief analysis of a vulnerability in the glibc (CVE-2025-4802)

To read this post in Portuguese, click here.

In this blog post, we present a brief analysis of vulnerability CVE-2025-4802 [1], which affects glibc, the C library developed by the GNU project, in versions 2.27 to 2.38, spanning the years 2017 to 2023 [2].

In simple terms, this vulnerability allows a statically linked SUID ELF binary that calls dlopen() [3], either implicitly or explicitly, to load arbitrary libraries from the paths given in the LD_LIBRARY_PATH environment variable. In practical terms, this enables a user with limited privileges to execute arbitrary code with elevated permissions.

Our objective is to provide the foundational knowledge required to understand the issue comprehensively. We will analyze the root cause of the vulnerability, the patch, its security impact, and how the involved components – the loader, the dynamic linker, and the kernel – interact to enable binary execution on the system. The operating system used for this blog post is Ubuntu 22.04, as provided to the students during our Linux binary exploitation training course.


The importance of diverse knowledge in vulnerability research – The transferability of knowledge

To read this post in Portuguese, click here.

To achieve an excellent and high-level career in Information Security, diverse and deep technical knowledge is indispensable. It is crucial to have solid experience with:

  • Network protocols;
  • Computer architecture;
  • Operating systems;
  • Programming languages;
  • Compilers, among other fundamentals.

The professional needs to have a broad range of knowledge. We are talking about high-impact careers, formed by people who work at the forefront of modern technology. Although other qualities are necessary, the focus here resides strictly on the technical aspect.


Our recent contributions to the Linux kernel

To read this post in Portuguese, click here.

During our research projects, we need to delve deep into the target operating system’s subsystems. In the process, we often find issues that are not interesting for our research purposes. In the past, we ignored them, but recently we have decided to contribute back to the upstream community by reporting these issues. In the cases covered by this blog post, we not only reported the issues but also submitted the corresponding patches. Even though we have reported vulnerabilities and helped to fix them in the past, these issues are the first for which we were the sole patch authors. In this blog post, we will detail the recent issues we have reported and fixed in the Linux kernel.

We reported three issues. Two of them are NULL pointer dereferences, and the third is a potential out-of-bounds write in the Btrfs file system. The NULL pointer dereference issues could allow unprivileged users to disrupt the system. We did not invest much time trying to trigger the potential out-of-bounds write in Btrfs, as it falls outside our research scope.

Although the vulnerability exists, it requires a condition that does not appear trivial to meet. The most interesting thing about it is that it is an “ancient” bug. The buggy code has been there for more than 17 years. While it was noticed in the past and an attempt was made to fix it, that effort was overlooked. Despite the vulnerable code having been touched several times since then, the vulnerability remained present. All of the patches are already applied upstream, and now we will detail the issues.


Discover the Allele Security Intelligence Services Portfolio

To read this post in Portuguese, click here.

At Allele Security Intelligence, we understand that cyber resilience is a critical factor for the continuity and competitiveness of organizations. Our commitment is to support companies in the proactive management of digital risks, providing integrated solutions that are constantly updated and aligned with regulatory requirements and real-world threat scenarios.

We operate strategically, combining innovation, threat intelligence, and advanced technical expertise, so that our clients can anticipate, detect, and effectively respond to the increasingly complex cybersecurity challenges.

Our Cybersecurity Portfolio brings together services designed from cutting-edge applied research, sustained by technical excellence, and consolidated by practical experience in complex environments.


Use-after-free vulnerability in the CAN BCM subsystem leading to information disclosure (CVE-2023-52922)

To read this post in Portuguese, click here.

In 2024, our research team noticed and wrote proofs of concept for a use-after-free vulnerability affecting the latest Red Hat Enterprise Linux 9 (RHEL 9) at the time, kernel version 5.14.0-503.15.1.el9_5. The vulnerability was fixed in the Linux kernel upstream on July 17, 2023 [1][2]. After we reported it, the fix was backported to Red Hat Enterprise Linux 9 on March 11, 2025 [3], in kernel version 5.14.0-503.31.1.el9_5.

We reported it to Red Hat on July 16, 2024, and they replied that upstream had declined to issue a CVE and asked us for the proof of concept we had mentioned during the first contact. After we sent a detailed report including a proof of concept, CVE-2023-52922 [4] was assigned. This blog post also highlights a potential pattern in the CAN BCM subsystem, as at least one other issue of the same kind has already been reported and fixed.

This vulnerability allows unprivileged users to read data from kernel space, which could be used to disclose sensitive information and bypass security mitigations enabled by default in the affected systems.


Accidentally uncovering a seven-year-old vulnerability in the Linux kernel

To read this post in Portuguese, click here.

Vulnerability research is at the core of Allele Security Intelligence. We have been actively researching for more than a decade, and we offer our expertise to our clients. Among the services we offer are 0day and nday vulnerability research.

In nday vulnerability research projects on the Linux kernel, we look for vulnerabilities that have been patched upstream but still affect major distributions, even in their latest release. Usually, we find vulnerabilities patched over a year ago that still affect popular Linux distributions. We do this by auditing the Linux kernel source code, monitoring vulnerabilities submitted to mailing lists and patched upstream, checking the findings of the syzkaller fuzzer, and through other means.

While doing that research, we accidentally discovered a vulnerability in the core of the TCP subsystem of the Linux kernel. It had been introduced seven years earlier. We reported it upstream, and it was patched in May of last year. In this blog post, we’ll share how it happened and briefly analyze the vulnerability.


The solution to keep your systems secure: Kernel Livepatch

To read this post in Portuguese, click here.

Keeping systems up-to-date with the latest vulnerability patches is crucial for organizational security. New vulnerabilities are frequently discovered, increasing exposure to attacks. However, regarding a system’s main component—the kernel—such updates typically require a complete system reboot, which can reduce server uptime and potentially affect service quality. Additionally, in a kernel update provided by the vendor, there are often other modifications beyond vulnerability patches, which can alter system behavior unexpectedly. Fortunately, there is a technique for patching kernel vulnerabilities that avoids these negative impacts.

Linux Livepatch is the solution. This feature allows you to apply security updates and critical patches without rebooting or interrupting services. This makes your systems more secure and highly available 24/7, reducing risks and maximizing productivity. It also enables patching vulnerabilities unknown to the public and vendors, like vulnerabilities discovered by our research team. Next, we will provide further details to help you understand this solution.


Computing Week of Federal University of Bahia 2019

From March 21 to 24, 2019, the Computing Week of Federal University of Bahia 2019 (SEMCOMP 2019) will take place in Salvador. SEMCOMP is an event that moves the computing community of the state of Bahia forward. Held by the Federal University of Bahia (UFBA) and supported by respected companies, the event brings together students, companies, professionals and researchers for four days of information and shared knowledge. Among its past speakers, the event has already hosted great national and international names.

We will be present at the event, giving a presentation entitled “Reducing Linux kernel Attack Surface”, in which we aim to share with the audience some of our knowledge about attack and defense on the Linux kernel.
