Nguyen: CVE-2021-22555: Turning \x00\x00 into 10000$
For those who appreciate detailed descriptions of how to exploit a kernel vulnerability, this report on a netfilter bug by Andy Nguyen should certainly satisfy.
CVE-2021-22555 is a 15-year-old heap out-of-bounds write vulnerability in Linux Netfilter that is powerful enough to bypass all modern security mitigations and achieve kernel code execution. It was used to break the Kubernetes pod isolation of the kCTF cluster and won 10000$ for charity (where Google will match and double the donation to 20000$).