Linux kernel discovered vulnerability

    SecurityLab has posted a Linux kernel vulnerability notification that allows a local user to gain root privileges on a system.

    The vulnerable vmsplice () system call was introduced for the first time in the 2.6.17 kernel. The vulnerability exists due to the fact that the functions “vmsplice_to_user ()”, “copy_from_user_mmap_sem ()” and “get_iovec_page_array () of the file fs / splice.c do not check the pointers passed to them by calling access_ok (). The absence of such a check allows the local user to read and write arbitrary data to the kernel memory.

    Thus, the vulnerability is dangerous because a local unprivileged user who has physical or remote access (for example, via ssh) to the system and the correct credentials (including access to the console - shell) can gain root account privileges or crash the system .

    Vulnerabilities are affected by all systems with the vmsplice () system call support enabled and compiled on the basis of the kernel versions 2.6.17 to and According to notifications, the vulnerability does not apply to kernels that use grsecurity patches that are configured correctly.

    SecurityLab assigned a low hazard rating for the vulnerability because, according to the scale used to assess the vulnerability risk of vulnerabilities, all local vulnerabilities represent a low hazard rating. This assessment is designed to ensure that the target system is correctly configured (from a security point of view), and there is no possibility of accessing it from outside by a remote or local unauthorized user; For local accounts, the correct access privileges are configured, including access to the console; Strong passwords are used and the latest updates for the software used are installed. Incorrect, from the point of view of security, the system configuration itself is a vulnerability and can increase the impact of other vulnerabilities on the system.

    To fix the vulnerability, you need to download and install the patch available on the website of the manufacturer of your distribution, or rebuild the kernel available on the site . After you apply the hotfix, you will need to reboot the system.


    Also popular now: