Language Selection

English French German Italian Portuguese Spanish

Bug exposes eight years of Linux kernel

Filed under
Linux
Security

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder, (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes here. "An attacker can just put code in the first page that will get executed with kernel privileges."

rest here




More in Tux Machines

Red Hat and Fedora

FOSS Events: LCA and systemd.conf

  • 5 great linux.conf.au talks (that aren't about Linux)
    linux.conf.au, otherwise known as LCA, is one of the world's longest-running open source events. LCA has been held in a different city around Australia and New Zealand almost every year since 1999. Despite the name, linux.conf.au is a generalist open source conference. LCA hasn't been just about Linux for a long time. Rather, the conference focuses on everything to do with open source: the software, hardware, and network protocols that underly it. LCA also has a strong track on free and open culture, exploring how open source interacts with science, government, and the law.
  • FINAL REMINDER! systemd.conf 2016 CfP Ends on Monday!
    Please note that the systemd.conf 2016 Call for Participation ends on Monday, on Aug. 1st! Please send in your talk proposal by then! We’ve already got a good number of excellent submissions, but we are very interested in yours, too!

OSS Leftovers

Programming