Numerous security flaws have been discovered and fixed in the Linux kernel, patch management for these vulnerabilities is critical to avoid that attackers could have led to a denial of service or privilege escalation.
Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are
The first two flaws could lead DoS via crafted BPF instructions while the third one could be exploited to crash the kernel or for privilege escalation.
CVE-2014-3144 / CVE-2014-3145
A local user can cause a denial of service (system crash) via crafted BPF instructions.
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
The above flaw was reported by Pinkie Pie, the anonymous hacker who discovered the sandbox escape against Chrome in 2012.
The futux mechanism, available within most Linux sandboxes, is a “fast, lightweight kernel-assisted locking primitive for user-space applications.”, a local user through its system calls could gain ring 0 control.
Due to the large diffusion of futux mechanism, the fix for the vulnerability CVE-2014-3153 is considered critical.
“The futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” wrote Kees Cook, a ChromeOS security researcher and former Ubuntu Security Engineer.
Debian and all Linux users are invited to upgrade their packages, be aware that the patches for unstable version will be soon available, meantime version 3.2.57-3+deb7u2 have been already fixed.
Don’t waste time, upgrade your systems!
(Security Affairs – Linux Kernel, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.