|Title: Patch ready for newly-discovered Linux kernel flaw|
|computerhelp > Computer Questions > Linux||Go to subcategory：|
Date Posted：06/06/2014 2:32 PMCopy HTML
Young security researcher Pinkie Pie has found a bug in the Linux kernel that security experts say is urgent to fix.
I feel more like I do now than I did a while ago...
|D_Runner||Share to: #1|
Re：Patch ready for newly-discovered Linux kernel flaw
Date Posted：06/10/2014 2:19 AMCopy HTML
Good thing this was found and addressed promptly -- this sort of thing is why no user of any OS should ever ignore updates. You might have to read over them to see what you're getting, but better safe than sorry. A direct escalation within ring 0 would require significant technical skill to pull off in my opinion, but I wouldn't leave a kernel unpatched to let someone sneak in and try it.
add: Was just looking over some code involved in this vulnerability and it looks to me like you'd have to make two different memory addresses logically equivalent in the futex call in a way that allows a memory pointer to be unallocated and hence available for use with injected code at one of the memory addresses... if this is so, it seems relatively simple to set up the vulnerability in a form in which it might be used for nefarious purposes, but getting a workable exploit out of it might be a good deal harder to accomplish. But there's a strong possibility someone somewhere would try it... good thing the kernel has been patched already.