The principle of the many eyes also sometimes fails completely. Several vulnerabilities in the Linux kernel could survive for a period of at least 15 years until they were discovered and can be eliminated.
The three weak points are in the iSCSI subsystem, which is integrated into the kernel in a modular manner. This means that they are not vulnerable by default on all Linux distributions. However, the module in question is reloaded and activated when a device that requires it is connected to the computer. This emerges from a report by the Grimm security researchers who discovered the bugs.
This also indicates a peculiarity of the security gaps: they can normally only be exploited by an attacker who is on site and has physical access to the target system. However, there is no guarantee that this will be the case under all circumstances. It is quite possible that another vulnerability can be used to circumvent exactly this problem and remotely reload and attack the module.
Undiscovered since "primeval times"
The bugs themselves came into the Linux environment in 2006 with the introduction of the iSCSI subsystem. Obviously, no one has looked into the source code in question closely enough to discover the problems. And this is by no means code that is only available in a few niche systems. Rather, the module in question is basically part of the equipment of all distributions, even if in most cases it is initially not active.
Attackers can use the errors to extend their rights on a system. Even with simple user privileges, it is possible to execute code as root. Ultimately, this means that the attacked system can be completely taken over. A few days ago, the kernel team released patches that are available in kernel versions 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260 and 4.4.260. We therefore strongly recommend installing the relevant updates as soon as the providers of the distributions used or the device manufacturers make them available.
0 Comments