Linux Latest News & Update: Three Serious Security Holes Detected! Patch To Kernel Vulnerabilities Available Now!
A hacker and security researcher found a bug that can be used to exploit the Linux kernel and cause trouble for users. Three serious Linux kernel security holes were discovered that can crash a computer system.
The three latest kernel vulnerabilities were discovered by Philip Pettersson and enable users who have local or remote access to exploit a Linux system. Remote users who have virtual and cloud-based Linux systems can easily crash the victim's Linux system and run arbitrary code as root.
The three latest Linux kernel vulnerabilities
The three Linux kernel vulnerabilities are CVE-2016-8655, CVE-2016-6480, and CVE-2016-6828. The report was originally posted by Philip Pettersson on the Seclists website, explaining that CVE-2016-8655 is the worst of the three.
Nasty exploits for the three latest Linux kernel flaws
According to ZDNet, the exploit works when a remote user creates a race condition in the "packet_set_ring" function in the Linux kernel. That is, the attacker performs a series of operations simultaneously, instead of each one completing successfully before the next begins.
In his post, Philip Pettersson explained that the bug can be triggered when a local user creates an AF_PACKET socket, which is only possible if the attacker has CAP_NET_RAW in the network namespace, something an unprivileged process can obtain where unprivileged namespaces are enabled. Most Linux distributions, such as Fedora and Ubuntu, enable unprivileged namespaces, so the bug can easily compromise the host kernel once triggered from within containers.
In addition, CVE-2016-6480 can be exploited if the attacker accesses the Adaptec AAC RAID controller driver to crash the system. CVE-2016-6828, on the other hand, is not as dangerous: Pettersson explains that it is hard for an attacker to use, but a successful attack can crash a server and execute arbitrary code.
Vulnerable Linux operating systems
Linux operating systems that can be exploited include Debian, Fedora, Red Hat Enterprise Linux 7 and Ubuntu. Meanwhile, patches are already available for most Linux operating systems to fix these vulnerabilities, and owners are advised to patch their Linux systems to avoid further problems.
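For the CVE-2016-8655 precondition described above, the following added example (not from the article or from Pettersson's post) reports whether a host lets unprivileged processes create user namespaces and whether a given capability mask contains CAP_NET_RAW. It assumes the sysctl files `kernel.unprivileged_userns_clone` (a Debian/Ubuntu-specific knob) and `user.max_user_namespaces` (upstream kernels 4.9 and later), neither of which is named in the article, and that CAP_NET_RAW is capability bit 13.

```shell
#!/bin/sh
# Added example (not from the article).

# userns_state [sysctl_root]: prints enabled, disabled or unknown.
userns_state() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"  # Debian/Ubuntu-only knob
    max="$root/user/max_user_namespaces"            # upstream knob, kernel 4.9+
    # A 0 in either knob stops unprivileged processes creating user namespaces.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        echo disabled; return 0
    fi
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo disabled; return 0
    fi
    if [ -r "$clone" ] || [ -r "$max" ]; then
        echo enabled; return 0
    fi
    echo unknown   # neither knob present: check the kernel config by hand
}

# has_cap_net_raw HEXMASK: succeeds if bit 13 (CAP_NET_RAW) is set in a
# CapEff/CapPrm/CapBnd value as shown in /proc/<pid>/status.
has_cap_net_raw() {
    [ $(( (0x$1 >> 13) & 1 )) -eq 1 ]
}

# Report for the current host and shell.
echo "unprivileged user namespaces: $(userns_state)"
if [ -r /proc/self/status ]; then
    eff=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status)
    if [ -n "$eff" ] && has_cap_net_raw "$eff"; then
        echo "this shell already holds CAP_NET_RAW"
    else
        echo "this shell does not hold CAP_NET_RAW"
    fi
fi
```

A `disabled` result closes the unprivileged route to CAP_NET_RAW only; the kernel itself still needs the vendor patch.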