Linux Kernel Bug Lets Hackers Gain Root Access on Most Modern Linux Distros

The cybersecurity analysts at Qualys have discovered a new Linux kernel bug that lets any unprivileged threat actor gain root access on most modern Linux distros.

By exploiting this LPE (Local Privilege Escalation) vulnerability, a threat actor can obtain root privileges on vulnerable devices through the default configuration of the Linux kernel's filesystem layer.

The security experts at Qualys have dubbed this flaw "Sequoia," and it is tracked under the following CVE ID:

Sequoia (CVE-2021-33909)

The newly discovered flaw lies in the Linux kernel's filesystem layer, a core subsystem that every major Linux operating system relies on to manage user data.

According to Qualys' report, Sequoia (CVE-2021-33909) affects every Linux kernel version released since 2014.

On default installations of several current distributions, an attacker who successfully exploits this flaw on a vulnerable system gains root privileges.

To back this up, the Qualys researchers report that they obtained root privileges by exploiting the flaw on default installations of major distributions including Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation.

Other Linux distributions are also vulnerable and exploitable.

Alongside this flaw, the Qualys experts also discovered a second one, tracked as CVE-2021-33910: a stack exhaustion denial-of-service vulnerability.

This flaw dates back to April 2015 and affects every systemd version released since then.

Not familiar with systemd? In short, systemd is a software suite that starts all other system components after boot, and it ships pre-installed with all Linux distributions.

Mitigations

The researchers state that the mitigations they currently have are specific to the exploit they developed, and they are as follows:

  • To prevent an attacker from mounting a long directory in a user namespace, set /proc/sys/kernel/unprivileged_userns_clone to 0.
  • To prevent an attacker from loading an eBPF program into the Linux kernel, set /proc/sys/kernel/unprivileged_bpf_disabled to 1.
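The following script is an added example and is not part of the article or of Qualys' advisory. It checks whether the two sysctl knobs named above currently hold the recommended values, so an administrator can verify a host before the kernel patches land. The knob names and values come from the article; the PROC_SYS_ROOT variable (which lets the check be pointed at a constructed directory tree instead of the live /proc/sys) and the sysctl.d file name in the comment are assumptions of this example. Note that unprivileged_userns_clone is a Debian/Ubuntu-specific knob and will be reported as missing on kernels that do not carry it.

```shell
#!/bin/sh
# Added example (not from the article or Qualys): verify the two sysctl-based
# mitigations listed in the article. PROC_SYS_ROOT is an assumption so the
# check can be run against a constructed tree; on a live host it defaults
# to /proc/sys.
PROC_SYS_ROOT="${PROC_SYS_ROOT:-/proc/sys}"

# read_knob NAME -> prints the current value of kernel/NAME, or "missing"
# when the running kernel does not expose that knob (unprivileged_userns_clone
# only exists on Debian/Ubuntu-style kernels, for example).
read_knob() {
    f="$PROC_SYS_ROOT/kernel/$1"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'missing'
    fi
}

# check_knob NAME EXPECTED -> returns 0 when the knob holds EXPECTED,
# 1 when it holds another value or is missing.
check_knob() {
    v=$(read_knob "$1")
    [ "$v" = "$2" ]
}

# sequoia_mitigations_ok -> returns 0 only when both mitigations from the
# article are in effect: unprivileged user namespaces off (0) and
# unprivileged eBPF program loading disabled (1).
sequoia_mitigations_ok() {
    ok=0
    check_knob unprivileged_userns_clone 0 || ok=1
    check_knob unprivileged_bpf_disabled 1 || ok=1
    return $ok
}

# report -> one status line per knob, for interactive use.
report() {
    for pair in unprivileged_userns_clone:0 unprivileged_bpf_disabled:1; do
        name=${pair%%:*}
        want=${pair##*:}
        have=$(read_knob "$name")
        if [ "$have" = "$want" ]; then state=OK; else state=NOT-SET; fi
        printf '%-28s current=%-8s wanted=%s  %s\n' "$name" "$have" "$want" "$state"
    done
}

# To make the settings persistent on a host whose kernel exposes both knobs
# (requires root; the file name is an assumption of this example):
#   printf 'kernel.unprivileged_userns_clone = 0\nkernel.unprivileged_bpf_disabled = 1\n' \
#       > /etc/sysctl.d/99-sequoia-mitigation.conf && sysctl --system

if [ "${1:-}" = "--report" ]; then
    report
    if sequoia_mitigations_ok; then
        echo "Both mitigations are in effect."
    else
        echo "At least one mitigation is not set; apply the kernel patches."
    fi
fi
```

Run it as `sh check-sequoia.sh --report` on the host to audit. These knobs only block the specific exploit path Qualys used, not the underlying filesystem-layer bug, so a passing check is a stopgap until the patched kernel is installed.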

Because the Sequoia vulnerability is so broad in scope, the security experts strongly recommend that all Linux users apply the recently released patches.


Balaji N
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.