
The Linux team has patched a security flaw in the Linux kernel that can be exploited to gain root-level code execution rights from a low-privileged process.

The security bug, tracked using the CVE-2017-6074 identifier, was discovered by Google intern Andrey Konovalov using syzkaller, a security auditing tool created by Google.

Bug affects all kernels released in the past 11 years

According to Konovalov, the security bug affects all Linux kernels going back to version 2.6.14, released in October 2005, although he only tested and confirmed versions going back to 2.6.18, released in September 2006.

The Google intern says the problem was introduced in the kernel when the Linux team added support for the Datagram Congestion Control Protocol (DCCP) in version 2.6.14.

At a technical level, the bug is a double free vulnerability, a type of security bug that occurs when an application frees the same memory region twice, which corrupts the allocator's bookkeeping and in some cases leads to memory corruption.

This is exactly what happened this time, as Konovalov found a way to exploit Linux's DCCP support to execute code within the kernel from an unprivileged process. The bug's technical details are presented in depth in Konovalov's disclosure.
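To make the bug class concrete, here is an added example in C (not code from the kernel or from Konovalov's disclosure): a small model of the pattern in which two code paths both believe they own a buffer, a constructed shadow table that flags the second free the way a sanitizer does, and the ownership-transfer fix. The `tracked_*`, `handle_*` and `driver_*` names are invented for the example.

```c
#include <stdlib.h>
/* Shadow table (constructed for this example): entries are kept after free so
 * a second free of the same address can be recognised, as a sanitizer would. */
#define SLOTS 16
static struct { void *ptr; int live; } table[SLOTS];

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < SLOTS; i++) {
        if (table[i].ptr == NULL || !table[i].live) {  /* empty or stale slot */
            table[i].ptr = p;
            table[i].live = 1;
            return p;
        }
    }
    free(p);
    return NULL;
}

/* 0 on a valid free; -1 if the address is already freed (double free) or was
 * never handed out. On -1 the memory is deliberately not passed to free(). */
static int tracked_free(void *p) {
    for (int i = 0; i < SLOTS; i++) {
        if (table[i].ptr == p && table[i].live) {
            table[i].live = 0;
            free(p);
            return 0;
        }
    }
    return -1;
}

/* Buggy pattern: the callee frees the buffer on one path, but the caller
 * frees it unconditionally, so the "consume" path frees it twice. */
static void handle_buggy(void *pkt, int consume) { if (consume) tracked_free(pkt); }
static int driver_buggy(int consume) {
    void *pkt = tracked_alloc(64);
    handle_buggy(pkt, consume);
    return tracked_free(pkt);                  /* -1 when consume == 1 */
}

/* Fix: ownership is explicit. The callee reports that it consumed the buffer
 * and the caller skips its own free on that path. */
static int handle_fixed(void *pkt, int consume) {
    if (consume) { tracked_free(pkt); return 1; }
    return 0;
}
static int driver_fixed(int consume) {
    void *pkt = tracked_alloc(64);
    if (handle_fixed(pkt, consume)) return 0;  /* callee owns it now */
    return tracked_free(pkt);
}
```

Running the buggy driver with `consume == 1` is the only combination that reports -1, which is the kind of signal syzkaller relies on a sanitizer to produce while fuzzing.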

Bug patched last week

The Linux security team fixed the issue last week, and the changes have already trickled down to various Linux distros, such as Ubuntu, which has already released updates.

Konovalov said he'll release proof-of-concept exploit code in a few days, so users have more time to update their systems.

Linux kernel plagued by ancient flaws lately

In recent months, the Linux project patched several security flaws that remained hidden in the Linux kernel for multiple years.

In December 2016, the Linux team patched CVE-2016-8655, a security issue that was introduced in August 2011, and which also granted attackers root access.

In October 2016, the Linux team patched the over-hyped Dirty COW exploit, tracked as CVE-2016-5195, which researchers found affected all kernel versions released during the last nine years, since 2007.

While the Dirty COW exploit was used in live attacks before being patched, there is no evidence to indicate that Konovalov's bug was used in the wild.
