Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Code Execution Flaw Affected Linux Kernel Since 2005

A researcher has discovered a serious locally exploitable vulnerability that appears to have been around in the Linux kernel for more than 11 years. The flaw has been addressed in the kernel and Linux distributions are working on releasing patches.

A researcher has discovered a serious locally exploitable vulnerability that appears to have been around in the Linux kernel for more than 11 years. The flaw has been addressed in the kernel and Linux distributions are working on releasing patches.

The weakness, a double-free vulnerability tracked as CVE-2017-6074, was discovered by Google software engineering intern Andrey Konovalov using syzkaller, an open source Linux fuzzer developed by the tech giant.

The flaw affects the Datagram Congestion Control Protocol (DCCP) implementation for Linux since the release of version 2.6.14 in October 2005. In fact, this was the first kernel version to include support for DCCP.

According to the researcher, the vulnerability allows an unprivileged process to execute arbitrary code within the kernel. Affected Linux distributions said the flaw can be exploited for privilege escalation or denial-of-service (DoS) attacks.

“A flaw was found in the Linux kernel’s implementation of the DCCP protocol in which a local user could create influence timing in which a [socket buffer] could be used after it had been freed by the kernel,” explained Gentoo developer Thomas Deutschmann. “An attacker who is able to craft structures allocated in this free memory will be able to create memory corruption, privilege escalation or crash the system.”

The vulnerability was reported to Linux kernel developers on February 15 and a fix was released within two days. Linux distributions were informed about the flaw on February 18 and they are working on patches.

Fixes have already been released for Ubuntu, and Red Hat has informed users that the exploit can be mitigated using recent versions of SELinux.

Konovalov says he will make a proof-of-concept (PoC) exploit available after users have had a chance to update their installations.

Advertisement. Scroll to continue reading.

Related: “Dirty COW” Linux Kernel Exploit Seen in the Wild

Related: Linux Kernel Flaw Puts Millions of Devices at Risk

Related: Linux Kernel Flaw Exposes Most Android Devices to Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.