CVE-2022-33915 The Amazon AWS Log4j hotpatch package is affected by a race condition that could lead to a local privilege escalation.


In most cases the hotpatch runs successfully. The flaw is a time-of-check/time-of-use race in how it inspects the Java process it is about to patch: the hotpatch observes the process's executable path at one moment and its effective user ID at another, and then re-executes the Java Virtual Machine with the privileges it observed. If the target process exec()s a SUID binary between those two observations, the hotpatch can pair the path of an unprivileged, attacker-controlled executable with the elevated effective UID the process acquired from the SUID binary, and run that executable with elevated privileges. A local user can trigger this deliberately: start a custom process that looks like a Java process, have it exec() a SUID binary after the hotpatch has observed its effective user ID, and wait for the hotpatch to run the attacker-supplied Java or ELF program on the local virtual machine with elevated privileges. The result is a local privilege escalation.
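The check-then-act pattern above, modelled in Python as an added example (this is not the hotpatch's own code, and the hardening shown is an assumed defense, not the vendor's patch). ProcReader reads the two facts from the real /proc on Linux; RacingReader is a constructed fake in which the target exec()s a SUID binary partway through the inspection. The paths (/home/attacker/java, /usr/bin/suid-tool), the uids and the pid 1234 are illustrative assumptions.

```python
import os

# Race-window model of the check-then-act the advisory describes. ProcReader
# talks to the real /proc on Linux; RacingReader is a constructed fake in which
# the target exec()s a SUID binary partway through the hotpatch's inspection.


class ProcReader:
    """Reads the two facts the hotpatch needs about a target process from /proc."""

    def read_exe(self, pid):
        # /proc/<pid>/exe is a symlink to the executable currently mapped in the process
        return os.readlink(f"/proc/{pid}/exe")

    def read_euid(self, pid):
        # The "Uid:" line of /proc/<pid>/status lists real, effective, saved and fs UIDs
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Uid:"):
                    return int(line.split()[2])
        raise RuntimeError(f"no Uid line for pid {pid}")

    def owner_of(self, path):
        return os.stat(path).st_uid


class RacingReader(ProcReader):
    """Constructed fake: the target begins as an attacker-owned binary named 'java'
    running as uid 1000 and, after `flip_after` /proc lookups, exec()s a root-owned
    SUID binary, so its EUID becomes 0 and its exe link changes. Paths and uids are
    illustrative assumptions, not values from the advisory."""

    def __init__(self, flip_after):
        self.flip_after = flip_after
        self.lookups = 0
        self.before = ("/home/attacker/java", 1000)
        self.after = ("/usr/bin/suid-tool", 0)
        self.owners = {"/home/attacker/java": 1000, "/usr/bin/suid-tool": 0}

    def _state(self):
        self.lookups += 1
        return self.after if self.lookups > self.flip_after else self.before

    def read_exe(self, pid):
        return self._state()[0]

    def read_euid(self, pid):
        return self._state()[1]

    def owner_of(self, path):
        return self.owners[path]


def vulnerable_plan(pid, reader):
    """Check-then-act in the vulnerable shape: observe the path, then (later) the EUID.
    Whatever the target does between the two reads is invisible here, so the caller
    may end up running an attacker-owned executable with a root EUID."""
    exe = reader.read_exe(pid)
    euid = reader.read_euid(pid)  # the target's exec() of a SUID binary can land here
    return exe, euid


def hardened_plan(pid, reader):
    """One way to close the window (an assumed hardening, not the vendor's patch):
    read the credentials on both sides of the path read and require them to agree,
    and never run an executable with an EUID its file owner could not legitimately
    hold (a root EUID paired with a non-root-owned binary is rejected outright)."""
    euid_before = reader.read_euid(pid)
    exe = reader.read_exe(pid)
    euid_after = reader.read_euid(pid)
    if euid_before != euid_after:
        return None  # credentials changed while we were looking: do not patch
    owner = reader.owner_of(exe)
    if euid_after == 0 and owner != 0:
        return None  # would execute a user-owned binary as root
    if euid_after != 0 and owner not in (0, euid_after):
        return None  # would execute another user's binary with this user's EUID
    return exe, euid_after


if __name__ == "__main__":
    print("vulnerable:", vulnerable_plan(1234, RacingReader(flip_after=1)))  # ('/home/attacker/java', 0)
    print("hardened:  ", hardened_plan(1234, RacingReader(flip_after=1)))    # None
    if os.path.isdir("/proc/self"):
        print("this process:", hardened_plan(os.getpid(), ProcReader()))
```

With the fake flipping after the first lookup, vulnerable_plan returns the attacker's path together with EUID 0, which is exactly the pairing the advisory warns about; hardened_plan sees the credentials change and refuses. The before/after read only narrows the window (there is still a gap between the last read and the real exec), so the ownership rule is the check that holds regardless of timing: an attacker cannot make their own file root-owned, and a root-owned SUID binary run with root privileges is the binary's normal behaviour rather than attacker code. The cost is that a root process genuinely running a user-owned binary is also refused, which is the conservative choice for a tool that re-executes JVMs with root privileges.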

CVE-2023-33916

The vulnerability stems from the use of a discretionary access control list (DACL) to enable or disable privileges on a process. By default the DACL is effective only for the owner of the process; if it were enabled for another user, privileges could be granted to that user without also being granted to the process's owner.
In most deployments the exposure is limited: many processes run with the DACL disabled and only one with it enabled, so any privilege escalation resulting from this issue would be limited in scope and duration.

Vulnerability Description and affected versions of Red Hat Enterprise Linux


The underlying flaw is the race condition described above: the hotpatch observes the target process's executable path and its effective user ID at different times, so a local user whose custom Java process exec()s a SUID binary between the two observations can have the hotpatch run an attacker-controlled Java or ELF program on the local virtual machine with elevated privileges, resulting in a local privilege escalation.

Vulnerable System Requirements

Virtual machines running on RHEL 5, RHEL 6, or CentOS 5.x, 6.x, 7.x
CVE-2022-33915

Vulnerability found and details disclosed

CVE-2022-33915 is a race condition in the Amazon AWS Log4j hotpatch package that allows a local attacker to perform a local privilege escalation.

Vulnerable versions of CVE-2022-33915

The affected product is the Amazon AWS Log4j hotpatch package itself, not the Java runtime it patches: versions of log4j-cve-2021-44228-hotpatch before 1.3.5 are affected, and the fix is delivered as an update to that package. Updating the JDK or JRE on its own does not address this issue; the hotpatch package must be updated (or removed once the application runs a fixed Log4j release).
