Ubuntu Fixes Memory Vulnerabilities in Vim: Patch Now
Two medium-severity vulnerabilities have been identified in Vim, a popular text editor on Unix-like operating systems. Tracked as CVE-2024-41957 and CVE-2024-43374, they could allow attackers to cause a denial of service (DoS) or potentially execute code with the privileges of the user running Vim.
Let’s dive into these vulnerabilities, their potential impact, and the steps you can take to protect your systems.
Vim Vulnerabilities Fixed in Ubuntu
CVE-2024-41957: Double-Free Vulnerability
This vulnerability is caused by a double-free error in the src/alloc.c file at line 616. When a window in Vim is closed, the associated tagstack data is cleared and freed. However, if the quickfix list in that window references the same tagstack data, Vim attempts to free it again, resulting in a double-free or use-after-free access exception.
It affects versions of Vim prior to v9.1.0647. By tricking a user into opening a malicious file, an attacker could exploit this vulnerability to cause Vim to crash or potentially gain unauthorized access to the user’s system.
Impact:
The impact of this vulnerability is considered low as it requires the user to intentionally execute Vim with several non-default flags. This makes it less likely to be exploited accidentally. However, if exploited, it could disrupt workflow or potentially allow malicious code to execute in certain scenarios.
Fix:
The issue has been resolved as of Vim patch v9.1.0647. Users are advised to update to the latest patched version to mitigate this risk.
CVE-2024-43374: Use-After-Free Vulnerability
This vulnerability involves a use-after-free error in how argument lists are handled. When a new file is added to the argument list, the Buf* autocommands are executed. If an autocommand closes the buffer or the window displaying it, the window structure holding the argument list reference is freed. After the autocommands complete, the references to the window and argument list are no longer valid, leading to a use-after-free scenario.
It affects Vim versions prior to v9.1.0678. By tricking a user into opening a malicious file, an attacker could exploit this vulnerability to cause Vim to crash.
Impact:
The vulnerability has a low impact since exploitation requires unusual conditions, such as configuring unusual autocommands that wipe a buffer during creation. This can be done manually or by using a malicious plugin. However, if exploited, an attacker could use this to crash Vim, causing a denial of service.
Fix:
The vulnerability has been addressed in Vim patch v9.1.0678. Updating to this version or later will protect users from potential exploitation.
How to Protect Your System from Vim Vulnerabilities
To safeguard your systems from these vulnerabilities, it is essential to update Vim to the latest patched versions. Canonical has released security updates that address these vulnerabilities across multiple releases, including:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
However, it’s important to note that Ubuntu 18.04, Ubuntu 16.04, and Ubuntu 14.04 have already reached their end-of-life (EOL) dates, and their Extended Security Maintenance (ESM) versions are available only through the Ubuntu Pro subscription, which comes at a significant cost.
Learn about what end-of-life means for Linux in this comprehensive guide.
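As an added example (not part of the original advisory), the script below parses `vim --version` output and reports whether the upstream fix levels named above (patch 9.1.0647 for CVE-2024-41957 and 9.1.0678 for CVE-2024-43374) are present in a build. The sample output is constructed, and the treatment of series other than 9.1 is an assumption about upstream numbering, explained in the comments.

```python
import re
import subprocess

# Upstream fix levels from the advisory: a 9.1 build needs these patch numbers included.
FIXED_PATCH = {
    "CVE-2024-41957": 647,   # fixed in v9.1.0647
    "CVE-2024-43374": 678,   # fixed in v9.1.0678
}

# Constructed sample of `vim --version` output (not captured from a real host).
SAMPLE_OUTPUT = """VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jun 10 2024 12:00:00)
Included patches: 1-600, 615, 647-650
Huge version without GUI.  Features included (+) or not (-):
"""


def parse_vim_version(text):
    """Return (major, minor, set of included patch numbers) from `vim --version` text."""
    m = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if not m:
        raise ValueError("could not find the Vim version line")
    major, minor = int(m.group(1)), int(m.group(2))
    patches = set()
    pm = re.search(r"Included patches:\s*(.+)", text)
    if pm:
        # The list mixes single numbers and ranges, e.g. "1-600, 615, 647-650".
        for part in pm.group(1).split(","):
            part = part.strip()
            if "-" in part:
                lo, hi = part.split("-", 1)
                patches.update(range(int(lo), int(hi) + 1))
            elif part:
                patches.add(int(part))
    return major, minor, patches


def assess(text):
    """Map each CVE to True when the upstream fix patch is present in this build."""
    major, minor, patches = parse_vim_version(text)
    result = {}
    for cve, patch in FIXED_PATCH.items():
        if (major, minor) > (9, 1):
            result[cve] = True    # assumption: a later series carries all 9.1 patches
        elif (major, minor) < (9, 1):
            result[cve] = False   # assumption: upstream did not issue these for 9.0/8.x
        else:
            result[cve] = patch in patches
    return result


if __name__ == "__main__":
    out = subprocess.run(["vim", "--version"], capture_output=True, text=True).stdout
    for cve, ok in assess(out).items():
        print(cve, "upstream fix present" if ok else "upstream fix NOT present")
```

Distribution packages such as Ubuntu's backport fixes without changing the upstream version string, so on Ubuntu a "fix NOT present" result should be checked against the package changelog (`apt changelog vim`) and USN-6993-1 rather than taken as final.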
Alternative Extended Support Option
For users running older Ubuntu versions like 16.04 and 18.04, TuxCare offers an affordable solution through its Extended Lifecycle Support (ELS). This service provides continued security updates for up to five years beyond the official EOL date, allowing users to maintain secure environments without incurring high costs. More than 140 packages are covered in ELS, including Linux kernel, Vim, OpenSSL, glibc, Python, OpenJDK, OpenSSH, and many other packages.
TuxCare’s ELS also provides extended support for other Linux distributions, such as CentOS 6, CentOS 7, CentOS 8, CentOS Stream 8, Oracle Linux 6, and Oracle Linux 7.
Have any questions about end-of-life Linux support or vulnerability patching? Our Linux security experts are ready to answer. Ask Us a Question.
Source: USN-6993-1