Several Use After Free Linux Kernel Flaws Fixed
Recently, the Linux kernel was found to have several critical flaws. Memory exhaustion, system crashes, denial of service (DoS), the disclosure of private data, cross-site scripting (XSS) attacks, privilege escalation attacks, or the execution of arbitrary code are all potential effects of these issues.
This blog post will discuss those kernel vulnerabilities and their potential impacts on the system.
Impact of Discovered Flaws
The Linux kernel’s Advanced Linux Sound Architecture (ALSA) subsystem contained a use-after-free vulnerability. A local attacker can use this flaw to escalate privileges on the system and leak kernel information.
Since measuring the usage of shared memory does not properly scale with large shared memory segments, it could result in memory exhaustion and a denial of service (DoS).
The SGI GRU driver in the Linux kernel contained a use-after-free flaw. As a result, this vulnerability allows a local attacker to cause a system crash or potentially escalate their privileges.
The Linux kernel’s vmwgfx driver included an out-of-bounds write vulnerability which allows a local attacker to escalate their privileges on the system or cause a system crash.
The dvb-core subsystem in the Linux kernel contained a use-after-free vulnerability in how a user physically removed a USB device while running malicious code. As a result, a local user can cause a denial of service or escalate their privileges on the system.
A NULL pointer deference flaw was discovered in the network queuing discipline implementation in the Linux kernel. This vulnerability allows a local attacker to cause a system crash or leak internal kernel details.
The prctl syscall failed to protect against indirect branch prediction attacks in some cases. As a result, a local attacker may use this flaw to disclose sensitive information.
A NULL pointer deference flaw was discovered in one of the network subcomponents in the Linux kernel. This vulnerability can result in a system crash.
The atm_tc_enqueue
in net/sched/sch_atm.c
in the Linux kernel was found to have a denial of service flaw. Such type confusion vulnerability may allow a local attacker to cause a denial of service.
The RNDIS USB driver in the Linux kernel included an integer overflow vulnerability. As a result, a local user can cause a system crash or escalate their privileges on the system.
The Linux kernel’s DVB USB AZ6027 driver included a NULL point deference flaw which allows a local attacker to cause a denial of service (system crash).
Security Measures for Linux Kernel Flaws
For system administrators, it is critical to track security updates and apply them as soon as they are available. TuxCare has recently released patches for the above flaws in the Linux kernel. Therefore, we recommend all affected users update the patches immediately to safeguard their systems and sensitive data from attackers.
KernelCare can patch all popular Linux distributions without system reboots or downtime, so you don’t have to worry about downtime. You can read more about KernelCare Enterprise and how its live patching works.
The sources for this article include a story from LinuxSecurity.