Linux kernel gets fix for serious DoS vulnerability
The Linux community has received a patch for a security hole that could be used to mount a denial-of-service (DoS) attack. Linux distributions affected by the flaw include recent versions of Debian, Fedora, Red Hat Enterprise Linux and Ubuntu.
Philip Pettersson spotted the vulnerability, designated CVE-2016-8655, within the packet_set_ring function of the Linux kernel. Pettersson described a race condition that a local user can exploit through AF_PACKET sockets, given CAP_NET_RAW in the network namespace.
“A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges,” read the brief description.
Apart from the DoS vulnerability spotted by Pettersson, researchers have found CVE-2016-6480 and CVE-2016-6828. Both flaws exist within the kernel code and can be used by a local attacker to crash the system.
Patches for all three vulnerabilities have started rolling out for major Linux distributions. Users are advised to download the latest versions to avoid any severe attacks.