Gimp-Forum.net
major vulnerability in Linux kernel - Printable Version




major vulnerability in Linux kernel - denzjos - 08-07-2024

https://ground.news/article/researchers-discover-major-vulnerability-in-linux-kernel
https://www.stefangast.eu/papers/slubstick.pdf


RE: major vulnerability in Linux kernel - rich2005 - 08-07-2024

Proof of concept does not mean it will happen tomorrow. Using kubuntu 24.04 here. There are (over) frequent kernel security updates. I assume to be effective the attack has to be delivered somehow.

Maybe like this:
https://arstechnica.com/security/2024/08/hacked-isp-infects-users-receiving-unsecure-software-updates/ ...and reading the comments, that is unlikely. Publishers love scary headlines.


RE: major vulnerability in Linux kernel - PixLab - 08-07-2024

Same as rich2005, "Publishers love scary headlines", the only way to attract visitors, like on YT with their clickbait thumbnails ;)
Also when reading from the article link ➤ "This is made possible by a technique that identifies the exact moment of memory allocation. This allows attackers to anticipate memory reuse and manipulate this reuse."
I'm no programmer, but to identify the exact moment of memory allocation you need to be already in... No?


RE: major vulnerability in Linux kernel - Ofnuts - 08-07-2024

(08-07-2024, 08:47 AM)PixLab Wrote: Same as rich2005, "Publishers love scary headlines", the only way to attract visitors, like on YT with their clickbait thumbnails ;)
Also when reading from the article link ➤ "This is made possible by a technique that identifies the exact moment of memory allocation. This allows attackers to anticipate memory reuse and manipulate this reuse."
I'm no programmer, but to identify the exact moment of memory allocation you need to be already in... No?

Yes. But the idea is that you could sneak the code through an innocuous application/plugin/library, that you wouldn't worry too much about because it runs in user space. And then that code finds a way to divert code that runs in kernel/system space...

On personal computers, this isn't so much of a problem because you can have some trust in the code that comes in (unless you add some random PPA to your package sources in Linux :D ), but if you are on a server in the cloud, it is probably a virtual machine sharing the hardware with other machines that you don't control, and you can worry that one of these machines could take control of the hardware and spy on you or worse.