Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution

Discussion in 'all things UNIX' started by guest, May 13, 2019.

  1. guest

    guest Guest

    Linux Kernel Prior to 5.0.8 Vulnerable to Remote Code Execution
    May 13, 2019
    https://www.bleepingcomputer.com/ne...r-to-508-vulnerable-to-remote-code-execution/
     
    guest, May 13, 2019
    #1
  2. Beyonder

    Beyonder Registered Member

    Joined:
    Aug 26, 2011
    Posts:
    545
    I'm curious, what prevents this vulnerability from being exploited? Does Firejail prevent it? AppArmor? SELinux?

    Or is patching the only solution?
     
    Beyonder, May 13, 2019
    #2
  3. shmu26

    shmu26 Registered Member

    Joined:
    Jul 9, 2015
    Posts:
    1,550
    Kernel exploits usually cannot be stopped by security software.
    However, this exploit is not much of an issue:
    1 It was patched already in March for older kernels (the newest kernel is not vulnerable)
    2 It is a difficult exploit to pull off, so home users need not worry
    3 No actual cases in the wild have been reported.
     
    shmu26, May 14, 2019
    #3
  4. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,010
    Location:
    Member state of European Union
    Seccomp may prevent locally running programs from exploiting some kernel vulnerabilities by restricting access to some kernel syscalls. This is not the case for remote kernel code execution, though.

    But a lot of distributions were not patched at time of CVE announcement.
     
    reasonablePrivacy, May 14, 2019
    #4
  5. guest

    guest Guest

    https://blogs.quickheal.com/cve-201...vilege-escalation-vulnerability-linux-kernel/
     
    guest, May 27, 2019
    #5
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...