New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
A new Linux exploit called 'pedit COW' has been disclosed that lets attackers gain root access by poisoning cached binaries. The technique exploits a race condition in the Linux kernel's page cache mechanism, allowing an unprivileged user to modify cached executable content. This can lead to privilege escalation, because the modified binary runs with elevated permissions.

The attack vector involves writing to a file that is already cached, causing the kernel to serve the poisoned data to subsequent executions. The vulnerability is significant because it bypasses traditional file permission checks: the cache operates at a lower level than those checks.

The exploit targets systems running the Linux kernel, though the source does not mention specific kernel versions, and it provides no CVE ID or patch status. The exploit was reported by security researchers, but no further details on mitigation or affected distributions are given. The consequence is that an attacker with local access can escalate privileges to root, potentially compromising the entire system.
Local attackers can escalate to root by poisoning cached binaries, compromising system integrity.