Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Posted by Michael Larabel on February 25, 2013

A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code.

As reported on Sunday with a CVE request, "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."

It appears that individuals have been exploiting this kernel bug for some time. The bug was known to exist privately going back to mid-2012 but wasn't corrected until Saturday with these net patches.

The issue will be addressed in the Linux 3.9 kernel and should make it back to the latest stable point releases of the affected Linux kernel series.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Comments & Discussion
News Archives
Related Linux Kernel News
Linux 3.10 Kernel Benchmarks On...
Linux's "Ondemand"...
New Linux Kernel Vulnerability...
Linux 3.10 Kernel Yields Biggest...
Btrfs In Linux 3.10 Gets Skinny...
Comparing The Ubuntu And Fedora...
Linux 3.10 Kernel Integrates...
F2FS File-System Gets Major...
Popular News
Portal Released For Steam On...
Why IBM Now Views LLVM As Being...
Linux 3.10 Kernel Yields Biggest...
Interesting Features, Changes In...
Ubuntu To Get Its Own Package...
Steam Linux Usage Still On The...
Linux 3.9 Kernel Released With...
Ubuntu's Mir Moves Ahead With...
Latest Hardware Reviews
  1. Sumo Lounge Emperor
  2. Gallium3D Continues Improving OpenGL For Older Radeon GPUs
  3. 15-Way Open vs. Closed Source NVIDIA/AMD Linux GPU Comparison
  4. Nouveau vs. NVIDIA Linux Comparison Shows Shortcomings
Latest Software Articles
  1. The Cost Of Ubuntu Disk Encryption
  2. Btrfs vs. EXT4 vs. XFS vs. F2FS On Linux 3.10
  3. AMD Radeon R600 GPU LLVM 3.3 Back-End Testing
  4. F2FS File-System Shows Regressions On Linux 3.10
Latest Linux News
  1. QEMU 1.5 Supports VGA Passthrough, Better USB 3.0
  2. Handbrake 0.9.9 Supports OpenCL Offloading
  3. Freedreno Gallium3D Now Banging The Adreno A3XX
  4. Jolla Announces Their First Phone
  5. Mageia 3 Released, Still Using Legacy GRUB
  6. NetBSD 6.1 Brings In More Features
  7. Using Six Monitors With AMD's Open-Source Linux Driver
  8. Benchmarking The Intel P-State, CPUfreq Changes
  9. FreeBSD Still Working On Next-Gen Package Manager
  10. DNF Still Advancing As Experimental Yum For Fedora
  11. Logitech Begins Supporting Linux Users
Latest Forum Talk
  1. Handbrake 0.9.9 Supports OpenCL Offloading
  2. Jolla Announces Their First Phone
  3. The Cost Of Ubuntu Disk Encryption
  4. QEMU 1.5 Supports VGA Passthrough, Better USB 3.0
  5. Freedreno Gallium3D Now Banging The Adreno A3XX
  6. Sumo Lounge Emperor
  1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Motherboards
  5. Peripherals
  6. Processors
  7. Software
  8. Operating Systems
  9. All Articles
  1. Linux Benchmarking
  2. OpenBenchmarking.org
  3. Phoronix Test Suite
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).