Linux Foundation Fixes ‘Dangerous’ Code Execution Kernel Bug

Researchers are calling attention to a newly discovered security defect in a kernel module that ships with all major Linux distributions, warning that remote attackers can exploit the bug to take full control of a vulnerable system.

The vulnerability, CVE-2021-43267, is described as a heap overflow in the TIPC (Transparent Inter-Process Communication) module that ships with the Linux kernel to allow nodes in a cluster to communicate with one another in a fault-tolerant way.

“The vulnerability can be exploited either locally or remotely within a network to gain kernel privileges, allowing an attacker to compromise the entire system,” according to a warning from SentinelOne’s Max Van Amerongen, the security researcher who discovered, and helped fix, the underlying vulnerability.

Van Amerongen said he found the bug almost accidentally using Microsoft’s CodeQL, an open-source semantic code analysis engine that helps ferret out security defects at scale.

He said the flaw was introduced into the Linux kernel in September 2020 when a new user message type called MSG_CRYPTO was added to allow peers to send cryptographic keys. Looking at the code, Van Amerongen found a “clear-cut kernel heap buffer overflow” with remote exploit implications.

Although the vulnerable TIPC module comes with all major Linux distributions, it must be loaded in order to enable the protocol and trigger the vulnerability.

The Linux Foundation shipped a patch on October 29 and confirmed the underlying vulnerability affects kernel versions between 5.10 and 5.15.

SentinelOne said Thursday it had not seen evidence of in-the-wild abuse.

“This vulnerability can be exploited both locally and remotely. While local exploitation is easier due to greater control over the objects allocated in the kernel heap, remote exploitation can be achieved thanks to the structures that TIPC supports,” Van Amerongen notes.

While TIPC itself isn’t loaded automatically by the system and has to be enabled by end users, Van Amerongen said the ability to configure it from an unprivileged local perspective and the possibility of remote exploitation “makes this a dangerous vulnerability” for those who use it in their networks.

“As this vulnerability was discovered within a year of its introduction into the codebase, TIPC users should ensure that their Linux kernel version isn’t between 5.10-rc1 and 5.15,” he added.
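One way to turn the two exposure conditions above (kernel in the 5.10-rc1 to 5.15 range, TIPC module loaded) into a host check, as an added example that is not from the article or SentinelOne; the function names, output labels and the modprobe blacklist line are my own choices:

```shell
#!/bin/sh
# Added example (not from the article or SentinelOne): applies the two exposure
# conditions the article gives for CVE-2021-43267, a kernel in the 5.10-rc1..5.15
# range and the TIPC module actually loaded. Distribution kernels backport fixes
# without changing major.minor, so a range hit means "check the vendor advisory".

# kernel_in_range VERSION -> exit 0 when major.minor is 5.10 .. 5.15 (inclusive).
# Accepts "5.10-rc1", "5.10.0", "5.15.0-48-generic" and similar uname -r strings.
kernel_in_range() {
    ver=$1
    major=${ver%%.*}           # text before the first '.'
    rest=${ver#*.}             # text after the first '.'
    minor=${rest%%[!0-9]*}     # leading digits of the rest ("10-rc1" -> "10")
    case "$major$minor" in *[!0-9]*|"") return 1 ;; esac   # reject junk
    [ "$major" -eq 5 ] && [ "$minor" -ge 10 ] && [ "$minor" -le 15 ]
}

# tipc_loaded [MODULES_FILE] -> exit 0 when 'tipc' is listed as a loaded module.
# Defaults to /proc/modules; passing a saved copy allows offline review.
tipc_loaded() {
    grep -q '^tipc ' "${1:-/proc/modules}" 2>/dev/null
}

# assess [VERSION] [MODULES_FILE] -> prints one word:
#   EXPOSED           kernel in range and TIPC loaded
#   RANGE-NOT-LOADED  kernel in range, TIPC not loaded (the article notes it can
#                     be configured from an unprivileged local position)
#   NOT-IN-RANGE      kernel outside 5.10 .. 5.15
assess() {
    kver=${1:-$(uname -r)}
    mods=${2:-/proc/modules}
    if kernel_in_range "$kver"; then
        if tipc_loaded "$mods"; then echo EXPOSED; else echo RANGE-NOT-LOADED; fi
    else
        echo NOT-IN-RANGE
    fi
}

# Stand-alone use: `sh check_tipc.sh --run` (hypothetical file name) reports this
# host and prints the modprobe line that keeps TIPC unloadable until patched.
if [ "${1:-}" = "--run" ]; then
    echo "kernel $(uname -r): $(assess)"
    echo 'mitigation: echo "install tipc /bin/false" > /etc/modprobe.d/disable-tipc.conf'
fi
```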

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He’s a journalist and cybersecurity strategist with more than 20 years of experience covering IT security and technology trends.
Ryan has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He’s a co-founder of Threatpost and the global SAS conference series. Ryan’s career as a journalist includes bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive’s ZDNet, PCMag and PC World.
Ryan is a director of the Security Tinkerers non-profit, and a regular speaker at security conferences around the world.
Follow Ryan on Twitter @ryanaraine.
