The Linux vulnerability series is more than '15 years old', allowing hackers to hijack root privileges
Vulnerabilities are currently being tracked with identifiers CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364.
International security researchers recently found three flaws in the iSCSI subsystem of the Linux kernel. These are all critical flaws that, if successfully exploited, could allow a local attacker with basic user privileges to gain root privileges on affected Linux systems. Vulnerabilities are currently being tracked with identifiers CVE-2021-27365, CVE-2021-27363, and CVE-2021-27364.
Fortunately, these security flaws can only be exploited locally, meaning potential attackers will have to have direct access to vulnerable devices by exploiting another vulnerability. Or use an alternate attack vector.
15 years old Linux vulnerabilities
These three holes were discovered by researchers from the GRIMM security team. According to experts' estimates, the flaws have existed for no less than 15 years, most likely from the early stage of development of the iSCSI kernel subsystem in 2006.
According to GRIMM security researcher Adam Nichols, these three vulnerabilities affect all Linux distributions. Fortunately, the scsi_transport_iscsi kernel module that contains the vulnerability is not loaded by default.
However, depending on the Linux distribution targeted by attackers, this module can still be downloaded and exploited for privileged upgrades.
' Usually, the Linux kernel loads modules because the new hardware is discovered or because a module is found to be missing by a kernel function. The second case is more likely to be abused, and at the same time more susceptible to activation by an attacker, allowing them to expand the core's attack surface , '' Nichols said. ' On CentOS 8, RHEL 8 and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed. Whereas on Debian and Ubuntu systems the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. Hence, the vulnerability has much more limited scope . '
Take up root privileges
An attacker can take advantage of the aforementioned vulnerabilities to bypass security features such as Kernel Address Space Layout Randomization (KASLR), Supervisor Mode Execution Protection (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Page-Table Isolation (KPTI).
Essentially, these three vulnerabilities can lead to local privilege enhancement behavior, information leakage, and denial of service:
- CVE-2021-27365 : Heap buffer overflow (Local privilege upgrade, Information leak, Denial of service)
- CVE-2021-27363 : Kernel pointer leak (Information Leakage)
- CVE-2021-27364 : Out-of-bounds read (Information leakage, Denial of service)
All three vulnerabilities are currently fixed as of updates 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260, patches are available in the kernel. Linux mainline on 7th March. No fixes will be released for non-EOL supported kernel versions such as 3.x and 2.6.23.
If you have one of the above Linux kernel versions installed, your device will no longer be compromised in these three vulnerabilities.
You should read it
- Review Kaspersky Internet Security 2021: A comprehensive set of security tools for computers
- Post-thanks corner: Google, Microsoft award millions of dollars to white-hat hackers, Toyota, NEC say 'thank you'
- Serious security vulnerability on Intel chips
- Top 10 Security Tips to Implement in 2021
- Forecast 2021: The world of security will be devastated by ransomware '
- SEO trend 2021 determines the success of SEO projects in 2021
- Found 37 security holes in VNC on Linux, Windows
- Detecting a new Linux vulnerability allows hackers to gain control of the VPN connection
- Detect a critical flaw in VMware Cloud Director, which could pave the way for hackers to take control of enterprise servers
- Warning: Jenkins exists a serious security hole that helps hackers gain control of computers of many Vietnamese businesses
- The basic steps in dealing with network security issues that you need to understand
- Microsoft confirms a new serious security hole in Windows 10
Maybe you are interested
Disney Mirrorverse tips for beginners List of Disney Mirrorverse character ranks 8 common keyboard shortcuts you need to know to use Windows professionally KeyboardTest - Software testing keyboard, checking keyboard errors PI (PI Function) in Excel - How to use PI numbers in Excel How to manage Chrome bookmarks effectively