Tech Support
Documentation
Login
Contact Us
New Security Vulnerabilities Discovered in the Linux Kernel
Rohan Timalsina
June 8, 2023 - TuxCare expert team
The Linux kernel has a number of newly discovered security vulnerabilities that can be used to escalate local privileges or crash the system. These vulnerabilities have the potential to have serious effects, according to the National Vulnerability Database (NVD), which rated their severity as “high”. It is important to address these vulnerabilities promptly to mitigate potential risks.
Linux Kernel Security Vulnerabilities
brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c allows a slab-out-of-bound read vulnerability in the Linux kernel. It is because assoc_info->req_len data exceeds the buffer size defined as WL_EXTRA_BUF_MAX. As a result, this vulnerability causes a denial of service.
When the value of lmax exceeds QFQ_MIN_LMAX, an out-of-bounds write vulnerability occurs prior to Linux kernel version 6.2.13. This results in unauthorized write operations outside the intended boundaries.
A use-after-free vulnerability in Netfilter nf_tables of the Linux kernel 6.3 .1 when processing batch requests, allowing malicious actors to carry out arbitrary read and write operations on kennel memory. Unprivileged local users can gain root privileges on the exploitation of this vulnerability.
This is an out-of-bounds memory access vulnerability found in the XFS file system of the Linux kernel in how a user restores an XFS image after failure with a dirty log journal. A local user can use this flaw to crash the system or escalate their privileges.
A use-after-free vulnerability in the io_uring subsystem of the Linux kernel can be exploited to gain local privilege escalation. During the error, both io_install_fixed_file and its callers call fput in a file, causing a reference underflow, which leads to this vulnerability.
A vulnerability was detected in Netfilter within the Linux kernel prior to version 5.10. The issue involves a use-after-free condition occurring in the packet processing context. This vulnerability arises due to the mishandling of per-CPU sequence count during the concurrent replacement of iptables rules.
Protect Your System against Linux Security Vulnerabilities
Live Patching
Maintaining the security and stability of your system requires regular patching and thorough testing of vulnerabilities and bugs. By doing so, you can proactively address potential security risks and prevent exposure without having to rely on maintenance windows provided by the original vendor. This approach adds an extra layer of protection to an organization’s vulnerability management strategy.
To streamline this process, KernelCare Enterprise offers automated security patching without reboots or downtimes. KernelCare enables faster deployment of patches, minimizing system downtime and ensuring that critical security updates are implemented as soon as they are available.
Extended Lifecycle Support
Is your Linux distribution already beyond its End of Life? If yes, TuxCare’s Extended Lifecycle Support is an excellent option that provides automated vulnerability patches for your EOL systems for up to four years past the EOL date. With Extended Lifecycle Support, we keep track of critical Linux kernel vulnerabilities and security issues related to the operating system.
If you have specific requirements for your organization, speak to a TuxCare expert, and they will discuss with you to understand your unique needs and provide the best solution accordingly.
The sources for this article include a story from stack.watch.
