April 16, 2021

Positive Technologies' official statement following U.S. sanctions

As a company, we deny the groundless accusations made by the U.S. Department of the Treasury. In the almost 20 years we have been operating there has been no evidence of the results of Positive Technologies’ research being used in violation of the principles of business transparency and the ethical exchange of information with professional information security community.

April 9, 2021

Four Bytes of Power: exploiting CVE-2021-26708 in the Linux kernel

Author: Alexander Popov, Positive Technologies

CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit them for local privilege escalation on Fedora 33 Server for x86_64, bypassing SMEP and SMAP. Today I gave a talk at Zer0Con 2021 on this topic (slides).

I like this exploit. The race condition can be leveraged for very limited memory corruption, which I gradually turn into arbitrary read/write of kernel memory, and ultimately full power over the system. That's why I titled this article "Four Bytes of Power."

December 1, 2020

Linux kernel heap quarantine versus use-after-free exploits

It's 2020. Quarantines are everywhere – and here I'm writing about one, too. But this quarantine is of a different kind.

In this article I'll describe the Linux Kernel Heap Quarantine that I developed for mitigating kernel use-after-free exploitation. I will also summarize the discussion about the prototype of this security feature on the Linux Kernel Mailing List (LKML).