Recent Linux Kernel Security Vulnerabilities
Several security vulnerabilities have been found in the Linux kernel from medium to high severity scores. This article examines various discovered vulnerabilities and explores the effectiveness of live kernel patching as a mitigation strategy for these vulnerabilities.
High Severity Score
A use after free vulnerability was discovered in the function prepare_to_relocate within fs/brtfs/relocation.c of the btrfs file system. This flaw arises when the function brtfs_ioctl_balance() is invoked prior to calling btrfs_ioctl_defrag().
A vulnerability has been found in the Linux kernel’s fixed buffer registration code in the io_uring component (io_sqe_buffer_register in io_uring/rsrc/c). As a result, out-of-bound access to physical memory occurs beyond the end of the buffers, leading to a full local privilege escalation.
A vulnerability has been discovered in the Linx kernel’s networking subsystem related to the handling of the RPL protocol. This flaw arises due to a lack of proper handling of user-supplied data, potentially resulting in an assertion failure. An unauthenticated remote attacker has the ability to cause a denial of service condition on the vulnerable system in the case of exploitation.
A vulnerability related to the ntfs3 subsystem was found in the Linux kernel before version 6.2. As the ntfs3 subsystem did not properly check for correctness during disk reads, it could lead to an out-of-bounds read in
ntfs_set_ea in fs/ntfs3/xattr.c.
Medium Severity Score
A null point reference was found in the Linux kernel’s
fs/f2fs/data.c, which could allow a local user to cause a denial of service problem.
A vulnerability was discovered in the Linux kernel’s HCI sockets implementation because of a missing capability check in net/bluetooth/hci_sock.c. An attacker can use this flaw to execute unauthorized management commands.
In 64-bit versions of the Linux kernel,
Copy_from_user does not utilize the
__uaccess_begin_nospec, which allows users to bypass the “access_ok” check and pass a kernel pointer to
copy_from_user(). Therefore, an attacker can exploit this vulnerability to leak sensitive information.
A use-after-free vulnerability was discovered in the ext4 filesystem of the Linux kernel, specifically in how the extra inode size is handled for extended attributes. A local user can use this flaw to cause a system crash or other undefined behaviors.
An af_netrom.c file in the
net/netrom/ directory contains a use-after-free vulnerability, where the accept operation is also allowed for a successfully connected AF_NETROM socket. However, for an attacker to exploit this vulnerability, the system must have netrom routing configured or the attacker must possess the CAP_NET_ADMIN capability.
A use-after-free vulnerability was discovered in the Linux kernel’s hfsplus_put_super in fs/hfsplus/super.c. So, a local user can use this flaw to cause a denial of service problem too.
Live Patching as Solution for Linux Kernel Security
In conclusion, it is crucial to patch these vulnerabilities to protect your system from DoS attacks and sensitive information leaks. One solution that facilitates automated patch deployment is KernelCare Enterprise. It allows you to apply security patches without requiring system restarts or experiencing any operational interruptions, and you can deploy them as soon as they become available.
For more information on how live patching works, refer to this guide.
The sources for this article include a story from stack.watch.