Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Positive Technologies Discovers and Patches Linux Kernel Vulnerabilities

  • Now-Fixed Vulnerabilities Enabled Local Privilege Escalation

Positive Technologies security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. These vulnerabilities could be exploited for local privilege escalation, as confirmed by Popov in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity).

Recommended AI NewsInsilico Medicine Achieves Industry First Nominating Preclinical Candidate Discovered by AI

These vulnerabilities result from race conditions[1] that were implicitly added with virtual socket multi-transport support. They appeared in Linux kernel version 5.5 in November 2019. The vulnerable kernel drivers (CONFIG_VSOCKETS and CONFIG_VIRTIO_VSOCKETS) are shipped as kernel modules in all major GNU/Linux distributions. The vulnerable modules are automatically loaded when an AF_VSOCK socket is created. This ability is available to unprivileged users.

Popov said: “I successfully developed a prototype exploit for local privilege escalation on Fedora 33 Server, bypassing x86_64 platform protections such as SMEP and SMAP. This research will lead to new ideas on how to improve Linux kernel security.”

Related Posts
1 of 40,572

Recommended AI NewsBotkeeper Revolutionizes the Accounting Industry by Turning Leads to CPAs and Industry Professionals

Popov prepared the fixing patch and disclosed the vulnerabilities responsibly to the Linux kernel security team. The patch has been merged into mainline kernel version 5.11-rc7 and backported into affected stable trees.

Previously, Popov discovered and fixed Linux kernel vulnerabilities CVE-2019-18683 and CVE-2017-2636.

Recommended AI NewsSaasable is Chosen to Participate in Startup Accelerator Focused on Accounting Innovation

1 Comment
  1. Copper scrap market Copper ingot recycling Scrap metal regenerating solutions
    Copper cable waste, Metal reclaiming operations, Sustainable copper refining

Leave A Reply

Your email address will not be published.