Communications of the ACM

Home/News/High Severity Linux Network Security Holes Found,.../Full Text

ACM TechNews

High Severity Linux Network Security Holes Found, Fixed

By ZDNet
March 16, 2021
Comments

View as: Print Mobile App Share:

Artist's representation of a security hole as a hole in a padlock. — An analyst for enterprise security solution provider Positive Technologies identified (and patched) five high-severity security vulnerabilities in the Linux kernel's virtual socket implementation.

Credit: channelfutures.com

Positive Technologies' Alexander Popov detected five high-severity security vulnerabilities in the Linux kernel's virtual socket implementation that could be used to gain root access and launch a Denial of Service attack.

The vulnerabilities (CVE-2021-26708) were found in Red Hat's community Linux distribution Fedora 33 Server but exist in the system using the Linux kernel from version 5.5 to the current mainline kernel version 5.11-rc6.

The security holes were created with the addition of virtual socket multi-transport support, and users running virtual machines on the cloud are particularly vulnerable.

Said Popov, "I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security."

Popov also created patches for the vulnerabilities, which have been accepted into Linux 5.10.13.

From ZDNet
View Full Article

No entries found

High Severity Linux Network Security Holes Found, Fixed

Waymo Recalls Software After Two Self-Driving Cars Hit the Same Truck

Gaining Benefit from Artificial Intelligence and Data Science: A Three-Part Framework

SWOT Analysis of ChatGPT in Computer Science Education