Linux kernel gets fix for serious DoS vulnerability

OpenSource For You - Fossbytes

The Linux community has received a patch for a security hole that could cause a denial of service (DoS) attack. Linux distributions that are affected by the flaw include the recent versions of Debian, Fedora, Red Hat Enterprise Linux and Ubuntu.

Security researcher Philip Pettersson spotted the vulnerability, designated CVE-2016-8655, within the packet_set_ring function of the Linux kernel. Pettersson described a race condition that a local user with CAP_NET_RAW in the network namespace can exploit through AF_PACKET sockets.

“A local unprivileged attacker could use this to cause a denial of service (system crash) or run arbitrary code with administrative privileges,” read the brief description.

Apart from the DoS vulnerability spotted by Pettersson, researchers have found CVE-2016-6480 and CVE-2016-6828. Both flaws exist within the kernel code and can be used by a local attacker to crash the system.

Patches for all three vulnerabilities have started rolling out for major Linux distributions. It is recommended that users download the latest versions to avoid any severe attacks.
