2w ago

CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware

This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide.

Comments

turdas @suppo.fi 2w ago
This only affects positively ancient kernels:
From (including) 3.15 Up to (excluding) 5.15.149 From (including) 6.1 Up to (excluding) 6.1.76 From (including) 6.2 Up to (excluding) 6.6.15 From (including) 6.7 Up to (excluding) 6.7.3
- somerandomperson @lemmy.dbzer0.com 2w ago
  fuck my phone running android is vulnerable
- methodicalaspect @midwest.social 2w ago
  If I’m not mistaken, RHEL9 and equivalents are on 5.15. That’s a pretty big blast radius.
  
  turdas @suppo.fi 2w ago
  They will probably have a version newer than 5.15.149.
  
  Brosplosion @lemmy.zip 2w ago
  RHEL is on 5.15 in spirit only. They backport tons of patches to the point that 5.15 modules don't build against it
  
  AliasAKA @lemmy.world 2w ago
  I think RHEL9 uses 5.14 as base
- anamethatisnt @sopuli.xyz 2w ago
  Debian Bookworm (Debian 12/oldstable) would be affected then, I think?
  
  turdas @suppo.fi 2w ago
  It looks to be on 6.1.153 currently which is much newer than 6.1.76.
- Lost_My_Mind @lemmy.world 2w ago
  How would I know what kernal I have?
  
  turdas @suppo.fi 2w ago
  With the uname -a command
BCsven @lemmy.ca 2w ago
Local attacker? So on your LAN
- henfredemars @infosec.pub 2w ago
  You need to be able to run code on the system that has the bug. The bug is in the netfilter component, in how it's managed on that system, not in the actual traffic flows.
  
  BCsven @lemmy.ca 2w ago
  So a non issue unless somebody has physical access to the machine?
- Evil_Shrubbery @thelemmy.club 2w ago
  The (ssh) call it coming from inside the 127.0.0.1!!
  (Scoot over, I need the keeb.)
Treczoks @lemmy.world 2w ago
For exploiting a privilege escalation the attacker must be able to run their own code on your machine. If you let them do such things, you already have more than enough security problems in the first place.
- okamiueru @lemmy.world 2w ago
  Except for supply chain attacks. You get a foot in the door, and open the rest with impunity
  
  Treczoks @lemmy.world 2w ago
  Yes, but still a privilege elevation bug is still less risky than a remote execution one.
qweertz (they/she) @programming.dev 2w ago
And that kids, is why we are pushing for Rust in the Kernel
- onlinepersona @programming.dev 2w ago
  But... You dont understand, Rust is the devil! If Rust were made the kernel's main language it would terrible because that would mean change 😭😭😭
- Zangoose @lemmy.world 2w ago
  But then the kernel wouldn't be free! Free as in 'use-after-free'!
  (/s in case it wasn't obvious)
- Shanmugha @lemmy.world 2w ago
  Magical pills do not exist. Better start pushing old fuckers incapable of learning out of the project (yeah, I don't like this kind of treatment of Rust just because it is not C either)
  
  Quazatron @lemmy.world 2w ago
  Old fuckers exist to protect young fuckers from throwing out the baby with the bath water.
- ZILtoid1991 @lemmy.world 2w ago
  Okay, then why we need to use a language that has more in common with OCaml? What about using a better C instead?
  
  ayyy @sh.itjust.works 2w ago
  Such as?
  
  dreadbeef @lemmy.dbzer0.com 2w ago
  no one uses d
- corsicanguppy @lemmy.ca 2w ago
  Yay! Pick an arbitrary solution to a problem just because it's different and shiny! The shine will fix it!
- Possibly linux @lemmy.zip 2w ago
  Rust would not of fixed this
  Rust isn't magical
  
  dragonfly4933 @lemmy.dbzer0.com 2w ago
  Explain how a use after free could occur in safe rust, because to my knowledge, that is exactly the kind of thing rust does protect against.
  
  Zangoose @lemmy.world 2w ago
  Do you know what a use-after-free bug is? Rust was literally designed to make this type of memory bug impossible.
  
  Noja @sopuli.xyz 2w ago
  You never say "would not of". It's "would not have".
  Rust would have prevented this, because the borrow checker prevents use-after-free vulnerabilites.
- just_another_person @lemmy.world 2w ago
  Lol. You have no idea what you are talking about about here 😂
  
  qweertz (they/she) @programming.dev 2w ago
  
  Granted, I was mostly shit posting. But in all seriousness: wouldn't Rust prevent that kind of exploit by inherent design?
  Due to Rust’s ownership semantics, when we free a value, we relinquish ownership on it, which means subsequent attempts to use the value are no longer valid.
  https://stanford-cs242.github.io/f18/lectures/05-1-rust-memory-safety.html
  
  ethancedwards8 @programming.dev 2w ago
  Clearly you have no idea. Rust makes this kind of bug impossible.
  
  Lost_My_Mind @lemmy.world 2w ago
  Neither do I. What's Rust in this context?
potoooooooo ☑️ @lemmy.world 2w ago
Feeling pret-ty smug about my Windows 10 machine rn ngl
- Frenchgeek @lemmy.ml 2w ago
  Your Windows 10 machine? Microsoft disagree.
- prole @lemmy.blahaj.zone 2w ago
  Lol because Windows has never been exploited
  
  potoooooooo ☑️ @lemmy.world 2w ago
  Name literally one time!?
ScoffingLizard @lemmy.dbzer0.com 2w ago
I read: Microsoft started to feel threatened and paid black hats to exploit vulnerabilities in wares that people have recently learned are far superior to their goddamned surveillance garbage.

95 Comments