Highly exploitable Linux kernel bug found, patched

By David Meyer, ZDNet UK
Monday, August 17, 2009 10:24 AM

A hole has been found in Linux kernel versions stretching back eight years that is "as trivial as it can get to exploit", according to the Google employees who discovered it.

Julien Tinnes and Tavis Ormandy, the security researchers who discovered the vulnerability, have already issued a patch for the flaw. According to a blog post written by Tinnes last week, the hole "affects all 2.4 and 2.6 kernels since 2001 on all architectures", and is "the public vulnerability affecting the greatest number of kernel versions".

While the kernel hole allows only local privilege escalation, the vulnerability is widespread, said the researchers.

"The issue lies in how Linux deals with unavailable operations for some protocols. sock_sendpage and others don't check for Null pointers before dereferencing operations in the ops structure," Tinnes wrote. "Instead the kernel relies on correct initialization of those proto_ops structures with stubs (such as sock_no_sendpage) instead of Null pointers."

Tinnes said that, as the vulnerability leads to the kernel executing code at Null, it is "as trivial as it can get to exploit".

"An attacker can just put code in the first page that will get executed with kernel privileges," Tinnes wrote.

In an advisory published on Neohapsis last week, Ormandy wrote that an attacker could exploit the vulnerability by creating a mapping at address zero containing code to be executed with the privileges of the kernel, and then triggering a vulnerable operation.

The Red Hat team issued an official mitigation recommendation last week, in which they called for the affected protocols to be blacklisted in order to stop Tinnes and Ormandy's publicly circulated exploit from working properly on Red Hat Enterprise Linux.
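The missing check Tinnes describes can be modelled in user space. The following is an added example, not code from the kernel, the researchers or the patch: every `model_*` name, the dispatcher names and the sample tables are hypothetical, and it shows an operations table dispatched with and without a NULL check, plus an audit that counts tables that left the slot unset instead of installing a stub.

```c
/* User-space model of the pattern; all names here are hypothetical, not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

struct model_sock;
typedef ssize_t (*sendpage_fn)(struct model_sock *, const void *, size_t);
struct model_proto_ops { const char *family; sendpage_fn sendpage; };
struct model_sock { const struct model_proto_ops *ops; };

/* Stub for protocols without the operation (the role sock_no_sendpage plays). */
ssize_t model_no_sendpage(struct model_sock *sk, const void *pg, size_t len)
{ (void)sk; (void)pg; (void)len; return -EOPNOTSUPP; }

/* A protocol that implements the operation: report every byte as sent. */
ssize_t model_stream_sendpage(struct model_sock *sk, const void *pg, size_t len)
{ (void)sk; (void)pg; return (ssize_t)len; }

/* Flawed: trusts every table to have filled the slot; a NULL slot is a call to address 0. */
ssize_t dispatch_unchecked(struct model_sock *sk, const void *pg, size_t len)
{ return sk->ops->sendpage(sk, pg, len); }

/* Hardened: a missing operation falls back to the stub. */
ssize_t dispatch_checked(struct model_sock *sk, const void *pg, size_t len)
{
    if (!sk->ops->sendpage)
        return model_no_sendpage(sk, pg, len);
    return sk->ops->sendpage(sk, pg, len);
}

/* Audit: how many tables left the slot NULL instead of installing the stub? */
size_t count_unset(const struct model_proto_ops *const *t, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += (t[i]->sendpage == NULL);
    return bad;
}

/* Constructed sample tables: implemented, stubbed, and left uninitialized. */
static const struct model_proto_ops ops_full = { "full", model_stream_sendpage };
static const struct model_proto_ops ops_stub = { "stubbed", model_no_sendpage };
static const struct model_proto_ops ops_null = { "forgotten", NULL };

int main(void)
{
    const struct model_proto_ops *const all[] = { &ops_full, &ops_stub, &ops_null };
    struct model_sock sk = { &ops_null };
    printf("unset slots: %zu, checked dispatch: %zd\n",
           count_unset(all, 3), dispatch_checked(&sk, "x", 1));
    return 0;
}
```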

