Browsing tag
In a sign that cybersecurity researchers continue to be under the radar of malicious actors, a proof-of-concept (PoC) has been discovered on GitHub, concealing a backdoor with a “crafty” persistence method. “In this instance, the PoC is a wolf in sheep’s clothing, harboring malicious intent under the guise of a harmless learning tool,” Uptycs researchers […]
Details have emerged about a newly identified security flaw in the Linux kernel that could allow a user to gain elevated privileges on a target host. Dubbed StackRot (CVE-2023-3269, CVSS score: 7.8), the flaw impacts Linux versions 6.1 through 6.4. There is no evidence that the shortcoming has been exploited in the wild to date. […]
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is one of the first open source-specific vulnerability […]
Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is “as nasty as Dirty Pipe.” Dubbed DirtyCred by a group of academics from Northwestern University, the security weakness exploits a previously unknown flaw (CVE-2022-2588) to escalate privileges to the maximum level. “DirtyCred is a kernel exploitation concept that […]
A new covert Linux kernel rootkit named Syslogk has been spotted under development in the wild and cloaking a malicious payload that can be remotely commandeered by an adversary using a magic network traffic packet. “The Syslogk rootkit is heavily based on Adore-Ng but incorporates new functionalities making the user-mode application and the kernel rootkit […]
Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600 (CVSS score: 7.8), the vulnerability is ranked “High” for severity and could be exploited by a […]
Linux distributions are in the process of issuing patches to address a newly disclosed security vulnerability in the kernel that could allow an attacker to overwrite arbitrary data into any read-only files and allow for a complete takeover of affected systems. Dubbed “Dirty Pipe” (CVE-2022-0847, CVSS score: 7.8) by IONOS software developer Max Kellermann, the […]
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally […]
Linus Torvalds has announced Linux kernel 5.4 dubbed “Kleptomaniac Octopus” as the last stable kernel release of 2019. The new Linux kernel accompanies a host of features such as support for the exFAT file system by Microsoft, kernel lockdown feature and support for AMD Radeon Navi 12 and 14 GPUs, AMD Radeon Arcturus GPUs, and […]
The Android platform is built on the Linux kernel but the kernel that runs on your Android device is very different from the LTS version Google picks up as. It has to go through three stages of modifications from Google, the chip makers, and the device makers before ending up as the Device Kernel on […]
Roman Gushchin, who is part of Facebook’s Linux kernel engineering team, has discovered a “serious flaw” in the way that the current slab memory controller in Linux kernel works. He says (Via The New Stack)that existing kernel design causes low slab utilization and the reason behind it is that the slab pages are used only […]
After fiddling with the idea for a long time, Linus Torvalds has finally decided to add “lockdown” security feature in Linux Kernel 5.4. The feature will be optional and will be shipped as Linux Security Module in the upcoming Linux 5.4. The feature will bring a major change in how user-space interacts with the Linux […]
After 8 release candidates, Linus Torvalds has finally released Linux Kernel 5.3. It is a major upgrade that brings many new features in terms of better hardware support, changes specific to Arm architecture and a couple of bug fixes. The extra release candidate RC8, as Torvalds says, was because of his busy travel schedule. Nonetheless, […]
Movies and TV shows pop up in our minds when we say the word Netflix. But it turns out the company wants to do a lot more than just entertain its users. Netflix researchers found four critical vulnerabilities that affect different versions of Linux and FreeBSD kernels deployed in systems worldwide. As explained in the […]
We keep coming across various security loopholes in different software on a daily basis, but it rarely happens that Linux kernel gets crippled by a high-impact flaw. However, things are looking a bit different today as millions of Linux systems have been found to be affected by a massive flaw. It’s being reported that the […]
The Linux creator Linus Torvalds has finally released Linux 5.0 after a long wait. Earlier this year in January, he confirmed the same with the shipping of the first release candidate of Linux 5.0. However, in case you were expecting tons of major features with this numerical jump from 4.x to 5.x, you’ll end up […]
With last week’s release of Linux 5.0-rc1, it’s confirmed that Linus Torvalds has finally decided to adopt the 5.x series. The kernel enthusiasts and developers have been waiting for this change since the release of Linux 4.17. Back then, Linus Torvalds hinted at the possibility of the jump to place after 4.20 release. “I suspect that […]
Linus Torvalds has released Linux kernel 4.20 (it looks like we’re not getting Linux 5.0 anytime soon). This reminds me of last year’s Linux 4.9, which turned out to be the biggest ever kernel in terms of the number of commits. Talking about the latest Linux 4.20, it’s a big kernel as well. As per […]
Following the release of Linux kernel 4.19, the 4.20 (or 5.0) merge window is now open. Linus Torvalds is also back at the driver seat to take care of the Linux development. At the Linux’s Maintainers’ Summit in Scotland, Torvalds spoke with ZDNet and discussed the future plans and recent developments. In the interview, he expressed […]
The incidents that preceded (and accompanied) the Linux kernel 4.19 development cycle have been one of the most critical ones faced by the Linux community. In order to bring some major changes to the community, Linus Torvalds took a break from kernel development and passed the baton to Greg Kroah-Hartman. A new Code of Conduct was […]
The Linux Kernel since version 3.16 to 4.18.8 has an unfixed vulnerability, as disclosed by Google Project Zero. The vulnerability was first exposed by Jann Horn, a cybersecurity researcher under the Project Zero program. Now known as CVE-2018-17182, it is a cache invalidation bug that affects the memory management Linux module. Successful exploitation of the […]