Kernel Module Loading Vulnerability in BusyBox

Kernel Module Loading Vulnerability in BusyBox

CVE-2014-9645 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.

Learn more about our User Device Pen Test.