Local Vulnerabilities in Current Kernels

Feb 12, 2008

Recent kernel versions, going back as far as kernel 2.6.17, may contain a vulnerability that can be exploited by local attackers.

Although a fix for the vulnerability is now available, the fix does not seem to be completely secure. The vulnerability gives local attackers the ability to manipulate or hijack the system. Attacks over the network are said not to work. The vulnerability has been confirmed in kernel versions 2.6.17 through A new kernel version, 2.24.2, was released Monday; however, the developers were not entirely sure whether the vulnerability had really been removed. The current developer kernel 2.6.25 is said to have reliably fixed the security bug.

The bug was caused by faulty pointer handling. The affected "vmsplice" function was introduced with kernel 2.6.17 and supports faster transfer between various memory areas. The vulnerability was caused by incorrect validation in the "vmsplice_to_user()", "copy_from_user_mmap_sem()" and "get_iovec_page_array()" functions prior to performing memory operations. Under certain circumstances, attackers could use a carefully crafted call to "vmsplice()" to read from or write to kernel memory space.
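The kind of check described above, as an added example that is not part of the original article and is not kernel code: a user-space model that validates every caller-supplied address range before any memory operation is attempted. The names (`model_iovec`, `model_range_ok`, `model_check_iov`) and the address limit are hypothetical, constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model values, not the kernel's real memory layout. */
#define MODEL_USER_LIMIT ((uintptr_t)0xC0000000u) /* first "kernel" address */
#define MODEL_MAX_IOV    16

struct model_iovec {   /* stand-in for an iovec entry passed by a caller */
    uintptr_t base;    /* caller-supplied start address */
    size_t    len;     /* caller-supplied length */
};

/* Returns 1 only if [base, base + len) lies entirely below the limit. */
static int model_range_ok(uintptr_t base, size_t len)
{
    if (len == 0)
        return 1;
    if (base >= MODEL_USER_LIMIT)
        return 0;
    /* Subtraction form: base + len is never computed, so it cannot wrap. */
    return len <= MODEL_USER_LIMIT - base;
}

/* Validates the whole array up front. Returns the total byte count,
 * or -1 if any entry must be rejected. */
long model_check_iov(const struct model_iovec *iov, size_t count)
{
    long total = 0;
    if (iov == NULL || count > MODEL_MAX_IOV)
        return -1;
    for (size_t i = 0; i < count; i++) {
        if (!model_range_ok(iov[i].base, iov[i].len))
            return -1;
        if (iov[i].len > (size_t)(LONG_MAX - total))
            return -1;                 /* running total would overflow */
        total += (long)iov[i].len;
    }
    return total;
}

int main(void)
{
    struct model_iovec good[] = { { 0x1000, 0x2000 }, { 0x8000, 16 } };
    struct model_iovec bad[]  = { { 0x1000, 16 }, { MODEL_USER_LIMIT, 16 } };
    printf("good: %ld\n", model_check_iov(good, 2));
    printf("bad:  %ld\n", model_check_iov(bad, 2));
    return 0;
}
```

A single bad entry rejects the whole request, so nothing is copied for an array that is only partly valid.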
