Jannah Theme License is not validated, Go to the theme options page to validate the license, You need a single license for each domain name.
Apps and Software

Linux Kernel Vulnerabilities Grant Local Attackers Root Privileges

Two components of the Linux kernel contain security vulnerabilities that grant local attackers root shell access. A first exploit has been made public.

Two components of the Linux kernel are affected by security vulnerabilities that allow local attackers to elevate their privileges. A Use-After-Free vulnerability in the nf_tables module as well as a logic error in FUSE allow unprivileged users to take over the target system with root privileges.

FUSE (Filesystem in Userspace) is used to mount non-Linux filesystems such as NTFS or UDF (DVDs) without requiring the user to have additional privileges (such as root access). Security researchers have now found a way to disrupt the interaction between the Linux kernel and FUSE while copying files, thus gaining root privileges. The security vulnerability affects systems with kernel versions between 5.11 and 5.19, as well as installed FUSE.

A Chinese security researcher using the pseudonym “breeze chenaotian” has published a detailed analysis of the bug and explains that the vulnerable function called kuid_has_mapping makes incorrect user rights assignments in the different namespaces of the Linux kernel under certain conditions. During a test on a freshly installed Ubuntu VM (22.04), heise Security was able to successfully reproduce this FUSE vulnerability using the proof-of-concept exploit. The security vulnerability is listed with the identifier CVE-2023-0386 in the relevant databases and is prioritized as “high” with a CVSS score of 7.8.

Linux Kernel Vulnerabilities Grant Local Attackers Root Privileges

Copyright TechPlanet.today

In addition to all Linux systems with vulnerable kernel versions 5.11 to 5.19, a number of Netapp products and probably also Linux-based appliances from other manufacturers are affected. Updated kernel packages for most Linux distributions are still pending, but Ubuntu has already responded by releasing a new kernel.

PoC still under embargo

Relatively little is known about the security vulnerability with ID CVE-2023-32233 in nf_tables. A group of Polish security researchers has published the bug on the oss-sec mailing list and claims to have developed a root exploit for it. However, this will only be published on May 15th – until then, an embargo period applies that is intended to give Linux developers and distributions an opportunity to secure their systems. When manipulating the nf_tables configuration, directly consecutive operations are processed incorrectly under certain circumstances, leading to a faulty memory access (use after free). Again, remote attacks are not possible – attackers therefore need access to a user account on the target system.

According to the discoverers, various current Linux kernel versions are affected, including the current stable kernel 6.3.1. The bug was fixed on May 2nd by a kernel patch, but the major Linux distributions have not yet released updated kernel packages.

In case you have found a mistake in the text, please send a message to the author by selecting the mistake and pressing Ctrl-Enter.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
sweet bonanzabig bass bonanzadenizli escortartvin escorterzincan escortmanisa escorturfa escorttokat escortkadıköy escortbeykoz escortsilivri escortkagıthane escortmarmaris escortbornova escortpolatlı escortesenyurt escortesenyurt escortesenyurt escortistanbul escortistanbul escortavcılar escortavcılar escortbeylikdüzü escortankara escort bayanadana escortadıyaman escortcasinoGüvenilir slot siteleriantalya escortaydın escortbatman escortizmir escortkaraman escortkayseri escortkırıkkale escortkocaeli escortmalatya escortvan escortzonguldak escortantalya rus escortadana escortankara escortantalya escortadıyaman escortafyon escortamasya escortartvin escortafyon escortbalıkesir escortbartın escortbatman escortbayburt escortbilecik escortbingöl escortbitlis escortbodrum escortbolu escortburdur escortbursa escortçanakkale escortçorum escortdenizli escortdiyarbakır escortdüzce escortedirne escortelazıg escortgebze escorterzincan escorterzurum escorteskişehir escortgaziantep escortgiresun escortgümüşhane escorthatay escortısparta escortizmir escortkahramanmaraş escortkarabük escortkaraman escortkastamonu escortkayseri escortkırşehir escortkocaeli escortkonya escortkütahya escortkuşadası escortmalatya escortmanisa escortmardin escortmersin escortmugla escortordu escortosmaniye escortrize escortsakarya escortsamsun escortşanlıurfa escortsivas escorttekirdağ escorttokat escorttrabzon escortuşak escortvan escortyalova escortyozgat escortzonguldak escortfethiye escortalanya escortmarmaris escortmanavgat escortnumberoneescorts.comescortAntalya Escortdeneme bonusu veren siteleristanbul escortistanbul escortdeneme bonusu veren sitelerbahis siteleribonus veren sitelercasino siteleriescort bayangorukle eskortgörükle escortizmit escort bayanbursa merkez escortbursa eskort bayanbursa escort bayandeneme bonusu veren sitelerdeneme bonusu veren sitelercasino maldivesZonguldak escortYozgat escortbagcılar escortkartal escortbuca escortbeylikdüzü escortçankaya escorteryaman escortfatih escortkurtköy escortbahçelievler escortbakırköy escortküçükçekmece escortmaltepe escortmecidiyeköy escortsancaktepe escortpendik escortşişli escorttuzla escortümraniye escortüsküdar escortgörükle escortsilivri escortbayrampaşa escortesenyurt escortataşehir escortarnavutköy escortantakya escortiskenderun escortadapazarı escortbaşakşehir escortdidim escortatakum escortbandırma escortgebze escortkarşıyaka escortizmir escortbig bass bonanza sweet bonanza casino maldivesSahabetistanbul escortdeneme bonusuizmit escortonline casino maldivesgaziantep escortSahabetbursa travestiSahabet güncel girişBeylikdüzü escortEsenyurt escortBahçeşehir escortHalkalı escortankara escortFethiye EscortFethiye EscortKuşadası EscortKuşadası EscortMarmaris EscortMarmaris EscortBalıkesir EscortBalıkesir EscortTrabzon EscortTrabzon EscortKemer EscortKemer EscortÇanakkale EscortÇanakkale EscortManisa EscortManisa EscortAlanya EscortAlanya EscortBodrum EscortBodrum Escortxxx porn sahtekarcı site üye olunmaz mobil girişadaxx sahtekar scam site seo mars ati mati gotenburgxxx porn sahtekarcı site üye olunmaz canlı bahis siteleri