This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide.
This only affects positively ancient kernels:
From (including) 3.15 Up to (excluding) 5.15.149
From (including) 6.1 Up to (excluding) 6.1.76
From (including) 6.2 Up to (excluding) 6.6.15
From (including) 6.7 Up to (excluding) 6.7.3
fuck my phone running android is vulnerable
If I’m not mistaken, RHEL9 and equivalents are on 5.15. That’s a pretty big blast radius.
RHEL is on 5.15 in spirit only. They backport tons of patches to the point that 5.15 modules don’t build against it
I think RHEL9 uses 5.14 as base
You’re right, it’s 5.14 not 5.15 like I thought. I’m spending most of my time in Debian these days though, so I’m glad I wasn’t too far off.
They will probably have a version newer than 5.15.149.
AliasAKA is correct, it’s actually 5.14, not 5.15 like I thought.
Debian Bookworm (Debian 12/oldstable) would be affected then, I think?
It looks to be on 6.1.153 currently which is much newer than 6.1.76.
Sweet, cheers for checking - I just remembered it being on 6.1.?
How would I know what kernel I have?
With the `uname -a` command
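As an added example (not part of the thread), the following script compares a kernel release string, such as the one `uname -r` prints, against the four affected ranges quoted above. The function names and the `AFFECTED_RANGES` variable are assumptions made for this example, and the result is only a first pass: as a later comment notes for RHEL, distribution kernels carry backported patches, so the vendor advisory decides.

```shell
#!/bin/sh
# Added example: compare a kernel release against the upstream ranges quoted
# in the thread ("from (including)" : "up to (excluding)").
# All names here are hypothetical helpers, not from any tool.
AFFECTED_RANGES="3.15:5.15.149 6.1:6.1.76 6.2:6.6.15 6.7:6.7.3"

# ver_key: "6.1.76-13-amd64" -> one sortable integer; returns 2 if unparseable.
ver_key() {
    v=${1%%[-+_~]*}                      # drop the distro/build suffix
    case $v in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    echo $(( ${1:-0} * 100000000 + ${2:-0} * 10000 + ${3:-0} ))
}

# Returns 0 if the version is inside a quoted range, 1 if outside, 2 if unparseable.
kernel_in_affected_range() {
    k=$(ver_key "$1") || return 2
    for r in $AFFECTED_RANGES; do
        lo=$(ver_key "${r%%:*}")
        hi=$(ver_key "${r##*:}")
        if [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]; then
            return 0
        fi
    done
    return 1
}

report() {
    rc=0
    kernel_in_affected_range "$1" || rc=$?
    case $rc in
        0) echo "$1: inside a quoted upstream range; confirm with the distro advisory (backports)" ;;
        1) echo "$1: outside the quoted upstream ranges" ;;
        *) echo "$1: could not parse version" ;;
    esac
}

report "$(uname -r)"   # the running kernel
report "6.1.153"       # Debian Bookworm version mentioned in the thread
report "5.14.0"        # RHEL 9 base version mentioned in the thread
```

A base version of 5.14 lands inside the first upstream range, which is exactly the case where the version number alone cannot say whether the fix has been backported.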
For exploiting a privilege escalation the attacker must be able to run their own code on your machine. If you let them do such things, you already have more than enough security problems in the first place.
Except for supply chain attacks. You get a foot in the door, and open the rest with impunity
Yes, but still a privilege elevation bug is still less risky than a remote execution one.
I read: Microsoft started to feel threatened and paid black hats to exploit vulnerabilities in wares that people have recently learned are far superior to their goddamned surveillance garbage.
Feeling pret-ty smug about my Windows 10 machine rn ngl
Your Windows 10 machine? Microsoft disagree.
Lol because Windows has never been exploited
Name literally one time!?
This is a joke right
I hacked it. The screen said “It is now safe to turn off your computer.” but I left it on instead.
That one time that Clippy started peeling off its flesh whilst chanting in reversed Latin and also wasn’t in the computer anymore.
(This was after I let it play that Flash with the Badger song for two weeks so I kinda understand what happened.)
And that kids, is why we are pushing for Rust in the Kernel
Rust would not of fixed this
Rust isn’t magical
Explain how a use after free could occur in safe rust, because to my knowledge, that is exactly the kind of thing rust does protect against.
Duh, by wrapping it in an `unsafe` block.
Boom. Easy. Do some specific incantation that barely looks like it follows rust syntax that is specifically made to exploit a bug in the rust compiler.
You never say “would not of”. It’s “would not have”.
Rust would have prevented this, because the borrow checker prevents use-after-free vulnerabilities.
Do you know what a use-after-free bug is? Rust was literally designed to make this type of memory bug impossible.
But then the kernel wouldn’t be free! Free as in ‘use-after-free’!
(/s in case it wasn’t obvious)
Magical pills do not exist. Better start pushing old fuckers incapable of learning out of the project (yeah, I don’t like this kind of treatment of Rust just because it is not C either)
Old fuckers exist to protect young fuckers from throwing out the baby with the bath water.
I’m referring to the ageism implied in the statement, I don’t care about C vs Rust any more than I care about vi vs emacs or KDE vs Gnome.
Old fuckers have experience, they have seen many next big things come and go, that’s why they seem slow to adopt new stuff. Of course this annoys new fuckers a lot, as they want to play with their new shiny toys now.
Patience is a virtue, young grasshopper.
Ooh, so “get out with this Rust, I ain’t gonna think about when writing my code” is protecting a baby now?
Okay, then why do we need to use a language that has more in common with OCaml? What about using a better C instead?
no one uses d
It’s never too late to start!
let me clarify: no employer uses d. I use d. I am a nobody
Such as?
This language was there for a lot longer than Rust, and is not “OCaml, but with curly braces for scopes”.
Local attacker? So on your LAN
You need to be able to run code on the system that has the bug. The bug is in the netfilter component, in how it’s managed on that system, not in the actual traffic flows.
So a non issue unless somebody has physical access to the machine?
Unfortunately, it’s not that simple, because attacks often involve “exploit chains”. In this case, an attacker would use a different vulnerability to gain code execution capability, and then use that capability to exploit this vulnerability.
Update your systems, folks.
Understood
No. They just have to be able to place exploit code onto your machine and have it run.
If they can place exploit code on my machine, I think it’s already game over, regardless of that bug
Not necessarily, if you follow proper hosting etiquette, then even if they break in they should only be a standard user and have no access to the rest of your system. But most self hosters just run everything as root as it’s less of a hassle.
I guess I was thinking of the many Linux users I have encountered that set the same user and root password, or have sudo as passwordless. SMH
Not directly, but as another comment has mentioned, it reduces the overall security posture because it could be combined with other flaws known and unknown.
Yeah, less vectors are better
The (ssh) call is coming from inside the 127.0.0.1!!
(Scoot over, I need the keeb.)











