Low-level exploit sends Ubuntu, OpenSUSE kernel bug hunting

Low-level exploit sends Ubuntu, OpenSUSE kernel bug hunting

Summary: Bug in Linux x32 application binary interface could allow an attacker to escalate privileges.

TOPICS: Security, Linux

OpenSUSE and Ubuntu may be susceptible to a vulnerability in a low-level application interface recently introduced to the two Linux distributions.

Both operating systems have begun including support for the Linux x32 application binary interface (ABI) — similar to a software/code-level application programming interface (API), but at machine code level.

The x32 ABI essentially allows 32-bit applications to take advantage of 64-bit x86 architectures. For it to be enabled, however, administrators need to have enabled it while building the Linux kernel. Notable exceptions to this are OpenSUSE and Ubuntu, which had enabled it by default in their distributions.

Chrome OS security engineer Kees Cook outed the vulnerability in x32 ABI, which could allow an unprivileged user to escalate their privileges due to an arbitrary kernel write flaw.

According to Cook, the bug affects all Linux kernels since 3.4, in which the option to include x32 support was included. He has also released proof-of-concept code, showing how the vulnerability can be abused.

A fix for the vulnerability has been developed, and Ubuntu has issued its own update in response.

Red Hat has previously been paged by its users to enable x32 support in Fedora 18; however, it refused to include it, citing security concerns.

"It affects every user by potentially exposing them to as-yet-unfound security bugs for zero gain," Red Hat kernel developer Dave Jones said at the time.

"In addition to this, it increases the potential attack surface for all users, 99.9 percent of which will never even use this feature unless we enable it for additional packages."

Users can test if they are vulnerable by checking if the CONFIG_X86_X32 variable is set in their kernel configuration.

Topics: Security, Linux

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Flame war...

    ...some articles have "flame war" written all over them.
  • Good point

    If you don't need it, don't enable it.
  • Low-level exploit sends Ubuntu, OpenSUSE kernel bug hunting

    And to no one's surprise linux proves its insecure again. I will not be using linux any time in the near future.
    • Limp excuse

      The fix came faster than anything MS ever did.
    • Not that you would have...

      even if this bug wasn't discovered.
    • You would find it boring.

      That's good because it would bore you. You just turn it on and it works. You don't have that fear of clicking on the wrong thing all the time. You don't have to update the antivirus and check out its scans. You don't have to reach into your pocket and pay for a new os . They charge you money so you think its worth something. You can't spend a lot of time chasing down problems caused by some nasty viruses. Why Linux may even make you feel worthless and not needed. Do you really think taking a shot at Linux was needed when you are free to use whatever os you choose? Oh by the way Linux has improved so much in the last few years that even Windows users can run it.
      Rick Sos
  • Not a concern

    Of course you won't. You've long ago proved yourself totally uninformed about everything related to Linux. SInce you've obviously never used it in the past, the chances of you using it in the future are slim to none.
    • Calm down.

      Michael Lee is just a reporter. He reports all tech news, not just for Linux.

      You shouldn't assume that he hasn't used Linux, either.
      • I suspect he was replying to L.D. really.

        Either he pressed the wrong button, or ZD-Net's quality forum software has rendered the reply in the wrong place.
  • Some good news for Debian/testing users

    Debian testing default configuration is okay:

    amd64:~# grep CONFIG_X86_X32 /boot/config-*
    /boot/config-3.10-3-amd64:# CONFIG_X86_X32 is not set
    /boot/config-3.11-2-amd64:# CONFIG_X86_X32 is not set
    /boot/config-3.12-1-amd64:# CONFIG_X86_X32 is not set

    (Debian/stable is running a lower version, 3.2, so also not affected)
  • Switch to Robolinux it's 100% Debian based

    I've got 26 XP boxes running Robolinux with their "Virtual Machine Stealth Sync Protection" software. So far in 6 months not one virus. I love it!