Bug exposes eight years of Linux kernel

Filed under: Linux, Security

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder (for example, sock_no_accept), the function pointer is left uninitialized. sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes. "An attacker can just put code in the first page that will get executed with kernel privileges."
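The pattern described above, modelled in userspace C as an added example (not kernel source and not code from the article): an operations table with an unset slot, the unchecked indirect call, and a dispatcher that validates the pointer and falls back to a placeholder. All `model_*` names, the `dispatch_*` functions and the sample tables are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of a per-protocol ops table. All model_* names are
   hypothetical and exist only for this example; this is not kernel code. */
struct model_sock;
typedef long (*sendpage_fn)(struct model_sock *sk, const void *page, size_t len);
struct model_ops { const char *name; sendpage_fn sendpage; /* NULL if never set */ };
struct model_sock { const struct model_ops *ops; };

/* Placeholder in the style of sock_no_accept: fails with a clean error. */
static long model_no_sendpage(struct model_sock *sk, const void *page, size_t len)
{
    (void)sk; (void)page; (void)len;
    return -EOPNOTSUPP;
}

/* A protocol that really implements the operation. */
static long model_real_sendpage(struct model_sock *sk, const void *page, size_t len)
{
    (void)sk; (void)page;
    return (long)len;
}

/* Constructed sample tables: the second one leaves the member unset. */
static const struct model_ops model_tables[] = {
    { "implemented", model_real_sendpage }, { "unset", NULL }, { "stubbed", model_no_sendpage },
};

/* Before: unconditional indirect call; a NULL member means a jump to address 0. */
long dispatch_unchecked(struct model_sock *sk, const void *page, size_t len)
{
    return sk->ops->sendpage(sk, page, len);
}

/* After: validate the pointer and fall back to the placeholder. */
long dispatch_checked(struct model_sock *sk, const void *page, size_t len)
{
    sendpage_fn fn = sk->ops->sendpage ? sk->ops->sendpage : model_no_sendpage;
    return fn(sk, page, len);
}

int main(void)
{
    struct model_sock sk = { &model_tables[1] };   /* the table with the unset slot */
    printf("checked call on unset slot: %ld\n", dispatch_checked(&sk, "x", 1));
    return 0;
}
```

Either defence alone closes the gap in this model: filling every slot with a stub at registration time, or checking the pointer at the call site.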
