Bug exposes eight years of Linux kernel

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder (for example, sock_no_accept), the function pointer is left uninitialized. sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.

"Since it leads to the kernel executing code at NULL, the vulnerability is as trivial as it can get to exploit," security researcher Julien Tinnes writes here. "An attacker can just put code in the first page that will get executed with kernel privileges."
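The pattern described above, as an added example that is not from the original article or from the kernel source: a userspace C model of an operations table, showing placeholder stubs filled in at registration and a call site that validates the pointer before the indirect call. All `demo_*` names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
/* Userspace model of a per-protocol operations table (hypothetical names). */
struct demo_ops {
    const char *name;
    int (*accept)(int fd);
    int (*sendpage)(int fd, const void *page, size_t len);
};

/* Placeholder stubs: an unsupported operation fails cleanly instead of being NULL. */
static int demo_no_accept(int fd) { (void)fd; return -EOPNOTSUPP; }
static int demo_no_sendpage(int fd, const void *page, size_t len)
{ (void)fd; (void)page; (void)len; return -EOPNOTSUPP; }

/* A protocol that does implement sendpage; it pretends the whole page was queued. */
static int demo_stream_sendpage(int fd, const void *page, size_t len)
{ (void)fd; (void)page; return (int)len; }

/* Registration-time hardening: replace every missing handler with its stub. */
void demo_register(struct demo_ops *ops)
{
    if (!ops->accept)   ops->accept = demo_no_accept;
    if (!ops->sendpage) ops->sendpage = demo_no_sendpage;
}

/* Call-site hardening: validate the pointer before the indirect call. */
int demo_sendpage(const struct demo_ops *ops, int fd, const void *page, size_t len)
{
    if (!ops || !ops->sendpage)
        return -EOPNOTSUPP;   /* the unchecked form would jump through NULL here */
    return ops->sendpage(fd, page, len);
}

/* Audit helper: count handler slots that are still NULL in a table. */
int demo_missing_handlers(const struct demo_ops *ops)
{ return (ops->accept == NULL) + (ops->sendpage == NULL); }

int main(void)
{
    /* Constructed tables: members omitted from the initializer are NULL. */
    struct demo_ops dgram = { .name = "demo-dgram" };
    struct demo_ops stream = { .name = "demo-stream", .sendpage = demo_stream_sendpage };
    printf("missing before register: %d\n", demo_missing_handlers(&dgram));
    printf("checked call on NULL slot: %d\n", demo_sendpage(&dgram, 3, "x", 1));
    demo_register(&dgram);
    printf("missing after register: %d\n", demo_missing_handlers(&dgram));
    printf("stream sendpage: %d\n", demo_sendpage(&stream, 3, "abcd", 4));
    return 0;
}
```

Either defence alone closes the hole in this model; applying both means a table that skips registration still cannot reach an indirect call through a NULL slot.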
