Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally […]
Researchers dubbed it a “straightforward Linux kernel locking bug” that they exploited against Debian Buster’s 4.19.0.13-amd64 kernel. In 2017, MacAfee researchers disclosed a memory corruption bug inside the Linux kernel’s UDP fragmentation offload (UFO) that allowed unauthorized individuals to gain local privilege escalation. The bug affected both IPv4 and IPv6 code paths running kernel version 4.8.0 […]
The cybersecurity researchers have detected that the Linux kernel bug is allowing the threat actors to implement some malicious code into the kernel address space. Linux uses ASLR for user-space programs for a long time, ASLR Address-space layout randomization is generally used for its very famous method to make exploits more difficult by putting various […]
Cybersecurity specialists reported the finding of a critical information disclosure vulnerability in the Linux kernel, the successful exploitation of which would allow sensitive information to be extracted from the compromised system memory. Tracked as CVE-2020-28588, the flaw lies in the /proc/pid/syscall functionality of 32-bit ARM devices running Linux and exists due to incorrect conversion of […]
Cybersecurity specialists reported the finding of two severe vulnerabilities in Linux-based operating systems that could allow threat actors to bypass the mitigations implemented to prevent Spectre and Meltdown attacks, leading to a kernel memory leak. Tracked as CVE-2020-27170 and CVE-2020-27171, the two flaws received a score of 5.5/10 according to the Common Vulnerability Scoring System […]
The Security Researcher Alexander Popov found vulnerabilities in the kernel of Linux operating systems that could allow an attacker to escalate local privileges on a victim’s network. The flaw could allow an attacker to potentially steal data, run administrative commands or install malware on operating systems or server applications. Popov was able to successfully test […]
Red Hat and CentOS have announced the availability of important kernel security updates for their Red Hat Enterprise Linux 7 and CentOS Linux 7 operating system families. The updates are reported to address two security holes and many other bugs. Specifically, the new Linux kernel security update fixes CVE-2019-14821 and CVE-2019-15239 vulnerabilities. Among them, CVE-2019-15239 may cause local […]
Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon Kearns rewrote BackTrack. Kali Linux is the most versatile and advanced penetration testing tool release operating system. Kali tools are often updated and can be used on other platforms, such as VMware and […]
Linus Torvalds has announced Linux kernel 5.4 dubbed “Kleptomaniac Octopus” as the last stable kernel release of 2019. The new Linux kernel accompanies a host of features such as support for the exFAT file system by Microsoft, kernel lockdown feature and support for AMD Radeon Navi 12 and 14 GPUs, AMD Radeon Arcturus GPUs, and […]
The Android platform is built on the Linux kernel but the kernel that runs on your Android device is very different from the LTS version Google picks up as. It has to go through three stages of modifications from Google, the chip makers, and the device makers before ending up as the Device Kernel on […]
Canonical has released a new set of Linux kernel security updates for all of its supported Ubuntu releases to address the latest Intel CPU vulnerabilities and other important flaws. As announced a few days ago, Canonical quickly responded to the latest security vulnerabilities affecting Intel’s CPU microarchitecture, so they have now released Linux kernel updates […]
After 8 release candidates, Linus Torvalds has finally released Linux Kernel 5.3. It is a major upgrade that brings many new features in terms of better hardware support, changes specific to Arm architecture and a couple of bug fixes. The extra release candidate RC8, as Torvalds says, was because of his busy travel schedule. Nonetheless, […]
Linux users have known the pain of dealing with exFAT-formatted flash drives and SD cards on their computers. Thankfully Microsoft, which has recently become a big Linux fanboy, is removing its hold on the patents related to the exFAT file system. This move comes after the company has already had its share of profits, making […]
A team of researchers at Tencent Blade found a series of buffer overflow vulnerabilities (known as QualPwn) that target Android devices running the Snapdragon SoCs. As per the researchers, the vulnerability CVE-2019-10538 (“High” severity rating) can be compromised by attackers to take control of the WiFi chip on a device running an affected Qualcomm SoC. […]
A bunch of resources related to Linux kernel exploitation. Exploitation techniques 2019: “Leak kernel pointer by exploiting uninitialized uses in Linux kernel” by Jinbum Park [slides] 2018: “Linux Kernel universal heap spray” by Vitaly Nikolenko [article] 2018: “Linux-Kernel-Exploit Stack Smashing” [article] 2018: “Entering God Mode – The Kernel Space Mirroring Attack” [article] 2018, HitB: “Mirror […]
Ops is a tool for creating and running a Nanos unikernel. It is used to package, create and run your application as a nanos unikernel instance. Most Unikernels out there are specialized for a high-level language, but Nanos is capable of executing any valid ELF binary. We provide pre-tested packages for common linux software including […]
Shadow-box is a security monitoring framework for operating systems using state-of-the-art virtualization technologies. Shadow-box has a novel architecture inspired by a shadow play. We made Shadow-box from scratch, and it is primarily composed of a lightweight hypervisor and a security monitor. The lightweight hypervisor, Light-box, efficiently isolates an OS inside a guest machine and projects […]
Microsoft’s recent associations with Linux and other open source software have certainly attracted the attention of developers. Starting with the initial release of Windows Subsystem of Linux (WSL) that allowed Windows 10 users to run Bash in Ubuntu in Windows 10, Microsoft surprised its Build 2019 audience by announcing that the WSL 2 will ensure […]
Offensive Security, the makers of Kali Linux, have shipped their second release in 2019. The new Kali Linux 2019.2 distribution is now available for ethical hackers and security researchers. This release brings along many bug fixes and updated packages that are surely worth upgrading. Before you move ahead to explore the new changes in Kali […]
We keep coming across various security loopholes in different software on a daily basis, but it rarely happens that Linux kernel gets crippled by a high-impact flaw. However, things are looking a bit different today as millions of Linux systems have been found to be affected by a massive flaw. It’s being reported that the […]
Linux operating system computers running versions prior to 5.0.8 kernel distributions are impacted by a vulnerability exposing systems committed to a wide variety of remote attacks, as reported by information security services experts. A threat actor could exploit the vulnerability that resides in the rds_tcp_kill_sock kernel’s TCO/IP implementation to generate denial-of-service and remote code execution […]