Announcement

Collapse
No announcement yet.

New Kernel Vulnerability Allows Local Root For Unprivileged Processes

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • New Kernel Vulnerability Allows Local Root For Unprivileged Processes

    Phoronix: New Kernel Vulnerability Allows Local Root For Unprivileged Processes

    There is yet another new Linux kernel vulnerability being disclosed today that allows for unprivileged processes to gain kernel code execution abilities...

    http://www.phoronix.com/scan.php?pag...-CVE-2016-8655

  • #2
    I just checked my own system. I already got the fix without even knowing it! So nice to have security updates set to "downaload and install automatically"

    Comment


    • #3
      Stable kernel 4.8.12 is still vulnerable (released on 2016-12-02). WTF?

      Wow, the fix is not even in the stable queue yet: http://git.kernel.org/cgit/linux/ker...queue.git/log/
      Last edited by birdie; 12-06-2016, 10:08 PM.

      Comment


      • #4
        Originally posted by birdie View Post
        Stable kernel 4.8.12 is still vulnerable (released on 2016-12-02). WTF?

        Wow, the fix is not even in the stable queue yet: http://git.kernel.org/cgit/linux/ker...queue.git/log/
        To be fair, the vast majority of people use "distro Kernels" and these backport security fixes that are independent from upstream Kernel from Kernel.org.

        Comment


        • #5
          This is getting ridiculous.

          Comment


          • #6
            Honestly. If you care about security you should be using Windows. There are lot of nerdy reasons to use linux, but security is not one of them.

            Comment


            • #7
              Originally posted by garegin View Post
              Honestly. If you care about security you should be using Windows. There are lot of nerdy reasons to use linux, but security is not one of them.
              Oh yes, you Are right! Microsoft has showed how they Care about security quite a lot in the past. Especially with their security patches coming only about 2 years late.

              Comment


              • #8
                Originally posted by garegin View Post
                Honestly. If you care about security you should be using Windows. There are lot of nerdy reasons to use linux, but security is not one of them.
                Honestly. You beat me to trolling this thread.

                Comment


                • #9
                  As this is a use after free issue, is this something that could have been prevented simply by using Rust instead?
                  Safe Rust would catch it, but in a kernel code like this might have to be wrapped in unsafe blocks anyway?

                  Comment


                  • #10
                    Originally posted by garegin View Post
                    Honestly. If you care about security you should be using Linux. There are lot of gaming reasons to use Windows, but security is not one of them.
                    fixed.

                    Comment

                    Working...
                    X