Numerous security flaws have been discovered and fixed in the Linux kernel, patch management for these vulnerabilities is critical to avoid that attackers could have led to a denial of service or privilege escalation.
Debian yesterday issued a new security update to warn its Linux users about the presence of new vulnerabilities that could be exploited for the above reasons. The vulnerabilities are
The first two flaws could lead DoS via crafted BPF instructions while the third one could be exploited to crash the kernel or for privilege escalation.
CVE-2014-3144 / CVE-2014-3145
A local user can cause a denial of service (system crash) via crafted BPF instructions.
Pinkie Pie discovered an issue in the futex subsystem that allows a local user to gain ring 0 control via the futex syscall. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
The above flaw was reported by Pinkie Pie, the anonymous hacker who discovered the sandbox escape against Chrome in 2012.
The futux mechanism, available within most Linux sandboxes, is a “fast, lightweight kernel-assisted locking primitive for user-space applications.”, a local user through its system calls could gain ring 0 control.
Due to the large diffusion of futux mechanism, the fix for the vulnerability CVE-2014-3153 is considered critical.
“The futex syscall can leave a queued kernel waiter hanging on the stack. By manipulating the stack with further syscalls, the waiter structure can be altered. When later woken up, the altered waiter can result in arbitrary code execution in ring 0,” wrote Kees Cook, a ChromeOS security researcher and former Ubuntu Security Engineer.
Debian and all Linux users are invited to upgrade their packages, be aware that the patches for unstable version will be soon available, meantime version 3.2.57-3+deb7u2 have been already fixed.
Don’t waste time, upgrade your systems!
(Security Affairs – Linux Kernel, hacking)