Language Selection

English French German Italian Portuguese Spanish

Bug exposes eight years of Linux kernel

Filed under
Linux
Security

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes here. "An attacker can just put code in the first page that will get executed with kernel privileges."

rest here




More in Tux Machines

Running FreeBSD on the server: a sysadmin speaks

For years now, Linux has been all the rage. But in recent times, there have been murmurings among some veterans — long-time users — after the introduction of systemd, the init system that seems to overstep its boundaries. Read more

More tools for creating QR Codes in Linux

In my previous post I showed how to install CuterCode and Qreator, two simple GUI applications for producing QR Codes. I have now found a couple of other GUI applications, Portable QR-Code Generator and QtQR, both of which offer more features than the aforementioned two, such as allowing you to specify the amount of error correction to be incorporated into the QR Code. And now to the two applications …

Read more

today's leftovers

today's howtos