Communications of the ACM
High Severity Linux Network Security Holes Found, Fixed
An analyst for enterprise security solution provider Positive Technologies identified (and patched) five high-severity security vulnerabilities in the Linux kernel's virtual socket implementation.
Credit: channelfutures.com
Positive Technologies' Alexander Popov detected five high-severity security vulnerabilities in the Linux kernel's virtual socket implementation that could be used to gain root access and launch a Denial of Service attack.
The vulnerabilities (CVE-2021-26708) were found in Red Hat's community Linux distribution Fedora 33 Server but exist in the system using the Linux kernel from version 5.5 to the current mainline kernel version 5.11-rc6.
The security holes were created with the addition of virtual socket multi-transport support, and users running virtual machines on the cloud are particularly vulnerable.
Said Popov, "I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security."
Popov also created patches for the vulnerabilities, which have been accepted into Linux 5.10.13.
From ZDNet
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found