Language Selection

English French German Italian Portuguese Spanish

Bug exposes eight years of Linux kernel

Filed under
Linux
Security

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes here. "An attacker can just put code in the first page that will get executed with kernel privileges."

rest here




More in Tux Machines

digiKam 5.2.0 is published...

After a second release 5.1.0 published one month ago, the digiKam team is proud to announce the new release 5.2.0 of digiKam Software Collection. This version introduces a new bugs triage and some fixes following new feedback from end-users. This release introduce also a new red eyes tool which automatize the red-eyes effect reduction process. Faces detection is processed on whole image and a new algorithm written by a Google Summer of Code 2016 student named Omar Amin is dedicated to recognize shapes and try to found eyes with direct flash reflection on retina. Read more

Games for GNU/Linux

Linux Graphics

Libreboot Drama Continues, GNU Might Keep The Project

It's been one week since the Libreboot downstream of Coreboot announced it would leave the GNU and denounced the FSF over supposedly a transgendered individual having been fired by the this free software group. Both Richard Stallman and the FSF denounced these claims made by Libreboot maintainer Leah Rowe. Since then, no actual proof has been presented to back up these claims by the Libreboot maintainer but the drama around it has seemingly continued. Waking up this morning, I received an email as part of a long email chain from Leah Rowe about how the "GNU project refuses to let go of libreboot" and she wrote, "GNU project has told me that they will not allow libreboot to leave GNU. This is quite possibly the biggest insult imaginable, considering what has happened." Read more