Three bugs in the mainline Linux kernel turned out to be about 15 years old, and one of them is usable as a Local Privilege Escalation (LPE) on multiple Linux environments.
GRIMM researchers disclosed the bugs 15 years after they were introduced in 2006, during the initial development of the iSCSI kernel subsystem.
SCSI (Small Computer System Interface) is a standard for transferring data between computers and peripheral devices such as hard drives, originally over a physical cable.
SCSI is a venerable standard, first published in 1986, and was the go-to choice for server setups; iSCSI carries SCSI commands over TCP/IP, so the same storage can be reached across a network.
According to GRIMM security researcher Adam Nichols, “The flaws affect all Linux distributions, but luckily, the vulnerable scsi_transport_iscsi kernel module is not loaded by default.”
Because heap overflows are non-deterministic, the first vulnerability on its own yields only an unreliable local DoS. Combined with an information leak, however, it can be exploited as an LPE that takes an attacker from an unprivileged user account to root.
A separate information leak is not required, since the same vulnerability can also be used to leak kernel memory. The second vulnerability, a kernel pointer leak, is less severe and serves only as a potential information leak. The third, an out-of-bounds read, is likewise limited to a potential information leak or an unreliable local DoS.
“On CentOS 8, RHEL 8, and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed,” Nichols added.
“On Debian and Ubuntu systems, the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. As such, the vulnerability is much more limited in scope.”
All three vulnerabilities are patched as of 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260; the fixes landed in the mainline Linux kernel on March 7th. No patches will be released for end-of-life, unsupported kernel versions such as 3.x and 2.6.23.
If you have already installed one of the patched kernel versions, your device cannot be compromised by attacks exploiting these bugs.
If you haven't patched your system, use the diagram above to find out whether your device is exposed; in practice the two questions are whether your kernel predates the fixed release for its series, and whether the scsi_transport_iscsi module is loaded or can be auto-loaded by an unprivileged user (see the rdma-core note above).
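The check described above, as an added example that is not part of the original article or GRIMM's research: a small POSIX shell script that classifies a kernel version against the fixed releases listed in the advisory and checks whether scsi_transport_iscsi is loaded. The function names, the "unlisted" label for series the advisory does not cover, and the sample /proc/modules lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article or GRIMM): is this kernel at or above the
# fixed release for its stable series, and is scsi_transport_iscsi loaded?

# Fixed releases named in the advisory, one per stable series (assumed complete).
FIXED_VERSIONS="5.11.4 5.10.21 5.4.103 4.19.179 4.14.224 4.9.260 4.4.260"

# version_ge A B: succeed if dotted version A >= B (major.minor.patch).
# Distro suffixes such as "-73-generic" are stripped; missing fields count as 0.
version_ge() {
    v1="$(printf '%s' "$1" | sed 's/[^0-9.].*//').0.0"
    v2="$(printf '%s' "$2" | sed 's/[^0-9.].*//').0.0"
    i=1
    while [ "$i" -le 3 ]; do
        c1=$(printf '%s' "$v1" | cut -d. -f"$i")
        c2=$(printf '%s' "$v2" | cut -d. -f"$i")
        if [ "$c1" -gt "$c2" ]; then return 0; fi
        if [ "$c1" -lt "$c2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# kernel_status VERSION: prints "patched", "vulnerable" or "unlisted".
# "unlisted" means the advisory names no fix for this series (EOL kernels
# such as 3.x, or a distro kernel whose fixes are backported without a
# version bump); release candidates are not classified either.
kernel_status() {
    case "$1" in *-rc*) echo unlisted; return 0;; esac
    ver=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    series=$(printf '%s' "$ver.0" | cut -d. -f1,2)
    for fixed in $FIXED_VERSIONS; do
        if [ "$(printf '%s' "$fixed" | cut -d. -f1,2)" = "$series" ]; then
            if version_ge "$ver" "$fixed"; then echo patched; else echo vulnerable; fi
            return 0
        fi
    done
    # Anything from 5.12 onward was released after the mainline fix.
    if version_ge "$ver" 5.12; then echo patched; else echo unlisted; fi
}

# module_loaded NAME [FILE]: succeed if NAME appears in a /proc/modules-format
# listing (FILE defaults to the real /proc/modules; "-" reads stdin).
module_loaded() {
    grep -q "^$1 " "${2:-/proc/modules}" 2>/dev/null
}

# Live check on the current host; the module test is skipped where
# /proc/modules is unreadable (e.g. some containers).
running=$(uname -r)
printf 'kernel %s: %s\n' "$running" "$(kernel_status "$running")"
if [ -r /proc/modules ]; then
    if module_loaded scsi_transport_iscsi /proc/modules; then
        echo "scsi_transport_iscsi is loaded"
    else
        echo "scsi_transport_iscsi is not loaded"
    fi
fi
```

A result of "unlisted" on an enterprise kernel (for example a RHEL 4.18.x build) is not a verdict: those distributions backport the fix without changing the upstream version string, so consult the vendor's advisory instead. Note also that "not loaded" is only reassuring if, as the article's rdma-core discussion explains, an unprivileged user cannot cause the module to be loaded on demand.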