Linux Kernel Exploit Affecting Linux 3.3 To Linux 3.8

Posted by Michael Larabel on February 25, 2013

A Linux kernel exploit was made public this weekend that affects versions of Linux going back to the 3.3 kernel. This exploit allows for user-space programs to gain root access through a bug in the kernel's networking code.

As reported on Sunday with a CVE request, "An unprivileged user can send a netlink message resulting in an out-of-bounds access of the sock_diag_handlers[] array which, in turn, allows userland to take over control while in kernel mode."

It appears that individuals have been exploiting this kernel bug for some time. The bug was known to exist privately going back to mid-2012 but wasn't corrected until Saturday with these net patches.

The issue will be addressed in the Linux 3.9 kernel and should make it back to the latest stable point releases of the affected Linux kernel series.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Comments & Discussion
News Archives
Related Linux Kernel News
KTAP Released For Linux Kernel...
Linux 3.10-rc2 Kernel Takes In A...
Linux 3.10 Kernel Benchmarks On...
Linux's "Ondemand"...
New Linux Kernel Vulnerability...
Linux 3.10 Kernel Yields Biggest...
Btrfs In Linux 3.10 Gets Skinny...
Comparing The Ubuntu And Fedora...
Popular News
Portal Released For Steam On...
Why IBM Now Views LLVM As Being...
Linux 3.10 Kernel Yields Biggest...
Ubuntu To Get Its Own Package...
Steam Linux Usage Still On The...
Linux's "Ondemand"...
Linux 3.9 Kernel Released With...
Ubuntu's Mir Moves Ahead With...
Latest Hardware Reviews
  1. Sumo Lounge Emperor
  2. Gallium3D Continues Improving OpenGL For Older Radeon GPUs
  3. 15-Way Open vs. Closed Source NVIDIA/AMD Linux GPU Comparison
  4. Nouveau vs. NVIDIA Linux Comparison Shows Shortcomings
Latest Software Articles
  1. GCC 4.8.0 vs. LLVM Clang 3.3 Compiler Performance
  2. Intel Linux OpenGL Driver Leading Over Apple OS X
  3. The Cost Of Ubuntu Disk Encryption
  4. Btrfs vs. EXT4 vs. XFS vs. F2FS On Linux 3.10
Latest Linux News
  1. A New X.Org-Free Wayland LiveCD Released
  2. Unity 8, Mir Made Progress This Week On Features
  3. LLVM Clang 3.3 RC2 Is Ready For Testing
  4. AMD RadeonSI Gallium3D Begins Simple CL Demos
  5. Intel Shows Off GNOME3-Based Tizen Shell
  6. Linux Desktop Security Could Be A Whole Lot Better
  7. KDE 4.11 Will Be The Last Major KDE4 Workspaces Feature Release
  8. New NVIDIA Linux Driver Supports The GeForce GTX 780
  9. Chrome 28 To Offer More Speed Improvements
  10. Digia Announces "Boot To Qt" Project
  11. X.Org Libraries Hit By Round Of Security Issues
Latest Forum Talk
  1. A New X.Org-Free Wayland LiveCD Released
  2. AMD RadeonSI Gallium3D Begins Simple CL Demos
  3. X.Org Libraries Hit By Round Of Security Issues
  4. Wayland's Weston Gets Output Scaling Support
  5. GCC 4.8.0 vs. LLVM Clang 3.3 Compiler Performance
  6. Linux's "Ondemand" Governor Is No...
  1. Computers
  2. Display Drivers
  3. Graphics Cards
  4. Motherboards
  5. Peripherals
  6. Processors
  7. Software
  8. Operating Systems
  9. All Articles
  1. Linux Benchmarking
  2. OpenBenchmarking.org
  3. Phoronix Test Suite
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).