New Linux Kernel Flaw Gives Root Access to Attackers

A Critical bug in Linux Kernal that affected multiple Linux distributions including all versions of Red Hat and CentOS have been discovered which gives root access to the attacker on a vulnerable machine. The bug identified as CVE-2018-14634 (integer overflow bug) resides in a Linux kernel function for memory management and allows attackers with unprivileged local access to a system to escalate their privileges.

This privilege escalation bug was discovered by the security vendor, Qualys. Qualys have already made a patch for the flaw and it is named as "Mutagen Astronomy". The patch is available for almost all affected distribution and many have already "backported" the patch for older versions of their kernels. But Red Hat Linux Enterprise, CentOS, and the Debian 8, or the "oldstable" version, are yet not patched.

To successfully exploit this vulnerability, attackers need to have access to the targeted system and run their exploit that leads to a buffer overflow, thereby resulting in the execution of malicious code and achieving complete control of the affected system.

On the statement, RedHat said the issue impacts Red Hat Enterprise Linux 6, 7, and Red Hat Enterprise MRG 2. But versions of the Linux kernel shipped with Red Hat Linux 5 are not impacted. Moreover,

"This issue does not affect 32-bit systems as they do not have a large enough address space to exploit this flaw. Systems with less than 32GB of memory are unlikely to be affected by this issue due to memory demands during exploitation" - they added.

 Qualys director says-

The flaw is another reminder of the importance of the need for layered defenses. Often attackers who exploit a remote vulnerability—such as a Web-application exploit, for instance—only gain unprivileged access on the vulnerable system.

Qualys team also released all the technical details and proof-of-concept (POC) exploit for the vulnerability which can be found here and here.