The importance of diverse knowledge in vulnerability research – The transferability of knowledge

To read this post in Portuguese, click here.

To build an excellent, high-level career in Information Security, diverse and deep technical knowledge is indispensable. It is crucial to have solid experience with:

  • Network protocols;
  • Computer architecture;
  • Operating systems;
  • Programming languages;
  • Compilers, among other fundamentals.

The professional needs to have a broad range of knowledge. We are talking about high-impact careers, formed by people who work at the forefront of modern technology. Although other qualities are necessary, the focus here resides strictly on the technical aspect.

Continue reading “The importance of diverse knowledge in vulnerability research – The transferability of knowledge”

Our recent contributions to the Linux kernel

To read this post in Portuguese, click here.

During our research projects, we need to delve deep into the target operating system’s subsystems. In the process, we often find issues that are not interesting for our research purposes. In the past, we ignored them, but recently we have decided to contribute back to the upstream community by reporting these issues. In the cases covered by this blog post, we not only reported the issues but also submitted the corresponding patches. Even though we have reported vulnerabilities and helped to fix them in the past, these issues are the first for which we were the sole patch authors. In this blog post, we will detail the recent issues we have reported and fixed in the Linux kernel.

We reported three issues. Two of them are NULL pointer dereferences, and the third is a potential out-of-bounds write in the Btrfs file system. The NULL pointer dereference issues could allow unprivileged users to disrupt the system. We did not invest much time trying to trigger the potential out-of-bounds write in Btrfs, as it falls outside our research scope.

Although the vulnerability exists, it requires a condition that does not appear trivial to meet. The most interesting thing about it is that it is an “ancient” bug. The buggy code has been there for more than 17 years. While it was noticed in the past and an attempt was made to fix it, that effort was overlooked. Despite the vulnerable code having been touched several times since then, the vulnerability remained present. All of the patches are already applied upstream, and now we will detail the issues.

Continue reading “Our recent contributions to the Linux kernel”

Use-after-free vulnerability in the CAN BCM subsystem leading to information disclosure (CVE-2023-52922)

To read this post in Portuguese, click here.

In 2024, our research team noticed and wrote proofs of concept for a use-after-free vulnerability affecting the latest Red Hat Enterprise Linux 9 (RHEL 9), which at the time shipped kernel version 5.14.0-503.15.1.el9_5. The vulnerability was fixed in the Linux kernel upstream on July 17, 2023 [1][2]. After we reported it, the fix was backported to Red Hat Enterprise Linux 9 on March 11, 2025 [3], in kernel version 5.14.0-503.31.1.el9_5.

We reported it to Red Hat on July 16, 2024, and they replied that upstream had declined to issue a CVE and asked us for the proof of concept we had mentioned during the first contact. After we sent a detailed report including a proof of concept, CVE-2023-52922 [4] was assigned. This blog post also highlights a potential pattern in the CAN BCM subsystem, as at least one other issue of this kind has already been reported and fixed.

This vulnerability allows unprivileged users to read data from kernel space, which could be used to disclose sensitive information and bypass security mitigations enabled by default in the affected systems.

Continue reading “Use-after-free vulnerability in the CAN BCM subsystem leading to information disclosure (CVE-2023-52922)”

Accidentally uncovering a seven-year-old vulnerability in the Linux kernel

To read this post in Portuguese, click here.

Vulnerability research is at the core of Allele Security Intelligence. We have been actively researching for more than a decade, and we offer our expertise to our clients. Among the services we offer are 0day and nday vulnerability research.

In nday vulnerability research projects on the Linux kernel, we look for vulnerabilities that have been patched upstream but still affect major distributions, even in their latest releases. Usually, we find vulnerabilities patched over a year ago that still affect popular Linux distributions. We do that by auditing the Linux kernel source code, monitoring vulnerabilities submitted to mailing lists and patched upstream, checking the findings of the syzkaller fuzzer, and other methods.

While doing that research, we accidentally discovered a vulnerability in the core of the TCP subsystem of the Linux kernel. It had been introduced seven years earlier. We reported it upstream, and it was patched in May of last year. In this blog post, we’ll share how it happened and briefly analyze the vulnerability.

Continue reading “Accidentally uncovering a seven-year-old vulnerability in the Linux kernel”