A new privilege escalation vulnerability has been discovered in the Linux kernel that could allow a local attacker to execute malicious code on vulnerable systems.

Security researcher Davide Ornaghi recently discovered a new privilege escalation vulnerability in the Linux kernel that could allow a local attacker to execute code on affected systems with elevated privileges; he has also published a proof of concept and a write-up. Tracked as CVE-2023-0179, the flaw is a stack-based buffer overflow in the Netfilter subsystem. A capable attacker could exploit it to gain root privileges by running a program specially crafted for this purpose.

The vulnerability consists of a stack buffer overflow caused by an integer underflow inside the nft_payload_copy_vlan function, which is called by nft_payload expressions whenever a VLAN tag is present in the current skb, explains Ornaghi. Netfilter is the Linux kernel framework for performing various network-related actions, such as filtering incoming network packets, in the form of individual handlers. It offers packet filtering, network address translation and port translation.

These features allow Netfilter to provide the functionality needed to forward packets through a network. According to the researcher, Linux kernel 6.2.0-rc1, released in October, is vulnerable to CVE-2023-0179. The flaw can be exploited to leak both stack and heap addresses and, through arbitrary code execution, to escalate local privileges to root. Users are advised to update their Linux servers as soon as possible and to apply distribution patches as they become available.
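To make the integer underflow described above concrete, here is an added example (not code from the article or from Ornaghi's write-up): a stand-alone C model of the copy-length arithmetic in nft_payload_copy_vlan, with the faulty and the corrected expression side by side. The constants and the expression are my reconstruction of the kernel code and its fix, so treat them as assumptions rather than quoted kernel source.

```c
#include <stdint.h>
#include <stdio.h>

/* VLAN constants as in the kernel's if_vlan.h (assumption: recalled
 * values, not taken from the article). */
#define VLAN_HLEN      4   /* one 802.1Q tag: TPID + TCI        */
#define VLAN_ETH_HLEN 18   /* Ethernet header plus one VLAN tag */

/*
 * Model of the copy-length arithmetic in nft_payload_copy_vlan.
 * offset/len: bytes requested by the nft_payload expression.
 * vlan_hlen : 0 for a single tag, VLAN_HLEN when a second tag is present.
 * The caller's destination holds at most `len` bytes, so any return
 * value larger than `len` is a buffer overflow. The 8-bit type mirrors
 * the kernel's u8 and is what makes the underflow wrap to a large value.
 */
static uint8_t copy_len_vulnerable(uint8_t offset, uint8_t len, uint8_t vlan_hlen)
{
    uint8_t ethlen = len;

    if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
        /* Missing parentheses: vlan_hlen is added instead of subtracted,
         * so the amount removed can exceed len and ethlen wraps. */
        ethlen -= offset + len - VLAN_ETH_HLEN + vlan_hlen;
    return ethlen;
}

static uint8_t copy_len_fixed(uint8_t offset, uint8_t len, uint8_t vlan_hlen)
{
    uint8_t ethlen = len;

    if (offset + len > VLAN_ETH_HLEN + vlan_hlen)
        /* Corrected: trim exactly the bytes that lie past the header end. */
        ethlen -= offset + len - VLAN_ETH_HLEN - vlan_hlen;
    return ethlen;
}

int main(void)
{
    /* Constructed inputs: a request straddling the end of a double-tagged
     * header (vlan_hlen = 4) versus the same request on a single tag. */
    printf("double tag: vulnerable=%d fixed=%d\n",
           copy_len_vulnerable(20, 4, VLAN_HLEN), copy_len_fixed(20, 4, VLAN_HLEN));
    printf("single tag: vulnerable=%d fixed=%d\n",
           copy_len_vulnerable(16, 4, 0), copy_len_fixed(16, 4, 0));
    return 0;
}
```

With two VLAN tags the faulty expression yields 250 bytes for a 4-byte request, while the single-tag path is unaffected, which is why the bug is only reachable when a VLAN tag is present.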

It is also good practice to grant access to local systems only to trusted individuals and to monitor systems continuously for signs of compromise. Davide has developed a fix and published a post explaining how to mitigate the bug. Where the patch cannot be applied, disabling unprivileged user namespaces prevents the exploit. Last month, a serious vulnerability with a CVSS score of 10 was discovered in the Linux kernel's SMB server; the flaw allows an unauthenticated attacker to execute code remotely.

The Common Vulnerability Scoring System (CVSS), used by organizations around the world, captures the key characteristics of a vulnerability and assigns it a numerical score reflecting its severity. This score can then be mapped to a qualitative rating (low, moderate, high or critical) to help organizations assess and prioritize their vulnerability management. According to cybersecurity researchers, a score of 10 is anything but reassuring and should be taken seriously by users.

The kernel vulnerability discovered last month allows arbitrary code execution on affected devices. Authentication is not required to exploit it, but only systems with ksmbd enabled are vulnerable. The specific flaw exists in the processing of SMB2_TREE_CONNECT commands and stems from a failure to confirm that an object exists before performing operations on it. An attacker could use this vulnerability to execute code in the kernel context. The Linux kernel maintainers have released an update to address it.

Source: Vulnerability description CVE-2023-0179
